Sybase patches up its differences with a security 
research firm that found flaws in its database. 
Feds Force Tighter Oversight of Outsourcers

Regulations push banks to centralize control, trim vendors

BY LUCAS MEARIAN
MEMPHIS

IT executives from several banks last week said government directives such as the Sarbanes-Oxley Act are driving improvements in the internal management of outsourcing deals — but at a cost.

For example, the regulations are forcing companies to spend significant time and money to ensure that their outsourcers comply with the laws. As a result, some users said they face pressure to centralize outsourced projects by hiring a single large firm with the resources to meet all their requirements. That means they may have to ignore smaller outsourcing vendors that could provide an IT edge.

“My biggest concern right now is that it’s almost impossible for us to do business with small companies, especially small innovative companies that aren’t well financed,” said Patrick Ruckh, chief tech-

Outsourcing, page 57
Curt A. Monash says systems for managing different 
kinds of data are the IT platforms of the future. 
Lags on HIPAA Security Rules

Companies struggle to meet deadline for complying with data protection mandates

BY JAIKUMAR VIJAYAN

The data security rules mandated by the Health Insurance Portability and Accountability Act take effect next week. But a majority of health care companies are unlikely to be fully compliant with the new rules by then, according to recent surveys by two industry associations.

“There’s not been a lot of forward momentum with HIPAA’s security piece, which we find quite disconcerting,” said Joyce Sensmeier, director of informatics at the Healthcare Information and Management Systems Society in Chicago.

HIMSS, which represents more than 15,000 individual members and about 220 companies, surveyed 400 health care firms earlier this year. Only 18% of the providers and 30% of the insurers that responded to the poll said they would be compliant by the April 20 deadline.

The American Health In-

HIPAA, page 16


Freddie Mac Invests in IT to Improve Reporting

Mortgage lender spends $100M-plus on new finance apps

BY THOMAS HOFFMAN

Freddie Mac plans to spend $45 million this year, on top of the $70 million it invested in 2004, to continue development of more than 50 new systems that are intended to improve the integrity of the mortgage lender’s financial reports.

The development effort, which began in late 2003, follows an accounting scandal in which Freddie Mac understated its earnings by almost $5 billion between 2000 and 2002. Bill DeLeo, vice president of capital markets technology services at Freddie Mac, said last week that the

Freddie Mac, page 16
Taking Defense Down to the Data

In the Technology section: An increased focus on compliance issues and concerns about data loss have led users to realize that they may need more than traditional network- and perimeter-oriented data-protection systems. Page 25

Strategic Security

In the Management section: Tactical fixes just aren’t good enough anymore. A growing number of security managers say it’s time to approach information security as an operational risk management issue. Page 48
6 Federal agencies are bedeviled by a faulty HR software 
system created by recruiting 
firm Monster Worldwide. 


Sybase withdraws its threat 
of legal action against a secu- 
rity research firm that found 
flaws in its database. 


Sunoco pushes the limits of 
multivendor outsourcing by 
managing IT services deals 
with 17 vendors. 


Costco uses offshore devel- 
opment, but the retailer is still 
hiring large numbers of in- 
house programmers. 


Q&A: John Swainson, CA's 
new CEO, explains his move 
to reorganize the company 
into five software units. 


A data-transfer flaw results 
in problems with health insur- 
ance payments to GM work- 
ers and retirees. 


SAS and Hyperion are unveil- 
ing business intelligence tools 
that will give nontechnical 

users access to corporate data. 
Storage Networking World. 
over a deadline for European 
Fujitsu introduces a pair of 
Itanium 2 servers that will run 
under Windows and Linux. 


Budget. New products that in- 
crease performance for ad hoc 
queries while they lower costs 
are challenging established 
data warehouse vendors. 
IBM’s Alan Ganek discusses 
the present state and future 
of autonomic computing. 
ports that with IT managers 
to justify the maintenance 
fees they often treat as a 
spectable notion of platforms. 

Bart Perkins believes accu- 
help your business make the 
right decisions. 
Siemens Buys 
U.S. Software Firm 


Munich-based electronics giant 
Siemens AG has reached an 
agreement to acquire Myrio Corp., 
a Bothell, Wash.-based developer 
of software for emerging IP tele- 
vision services that use the Inter- 
net to deliver video. Terms of the 
deal weren't disclosed. The acqui- 
sition will strengthen Siemens’ 
portfolio of voice, data and video 
technologies. 


Microsoft Issues 
Patches This Week 


On Tuesday, Microsoft Corp. will 
issue eight security alerts with 
patches for Windows, Office, MSN 
Messenger and Exchange. Five of 
the security bulletins apply to 
Windows, and at least one of 
those is deemed critical. Office, 
MSN Messenger and Exchange 
will get one bulletin each, all 
deemed critical. 


AMD Set to Unveil 
Dual-Core CPU 


The race between Intel Corp. and 
Advanced Micro Devices Inc. to 
be first to market with dual-core 
processors is about to end. AMD 
is expected to introduce its first 
dual-core Opteron processors at 
an event in New York on April 21, 
according to sources. The event 
will also mark the second an- 
niversary of the unveiling of the 
64-bit Opteron. 


VMware to Ship 
Software Pack 


VMware Inc. today will release its 
Workstation 5 desktop virtualiza- 
tion software, which will run on 
Windows and Linux host operat- 
ing systems. New features, cou- 
pled with memory-sharing tech- 
nology used in VMware’s ESX 
Server, will let companies con- 
nect multiple virtual machines 
with configurable network seg- 
ments to simulate and test multi- 
tier applications on developer 
desktops. 





Monster Software Flaw Haunts Fed Agencies

QuickHire glitches hinder HHS, DHS hiring efforts

BY MARC L. SONGINI

Several federal government agencies have been bedeviled over the past month by technical issues that impaired a hosted human resources software system run by recruiting and advertising giant Monster Worldwide Inc.

The problems have forced Monster developers to perform various work-arounds and the agencies to adopt temporary processes for job applicants. Monster said it will pay to fix the problems, though neither it nor the agencies would disclose the amount of that outlay or the cost of adopting the temporary measures.

The affected agencies include the Department of Health and Human Services and the Department of Homeland Security’s Customs and Border Protection, Citizenship and Immigration Services, and Immigration and Customs Enforcement units.

The hosted software system, called QuickHire, automates the processing of often complex government job applications and can quickly link candidates to the appropriate open job slot.

Unable to Handle Volume

At HHS, the system worked well for several months after it went live in October 2003, said Bob Hosenfeld, the agency’s deputy assistant secretary for human resources. However, by the time QuickHire was shut off last month, “the software was unable to handle the volume and demands placed on it by the department and applicants,” he said.

Monster subsidiary Monster Government Solutions, based in McLean, Va., runs and manages the QuickHire software. The operation’s customer list includes some 60 federal agencies, according to a Monster spokeswoman.

The Monster-hosted systems supporting HHS and the DHS went off-line by mutual agreement on March 9. Monster has been working unsuccessfully since then to get the software back up and running.

At the DHS’s Customs and Border Protection agency, QuickHire provided a fast way to fill vacant slots, but “glitches in the system” cropped up, said a spokesman. Since then, the application has been unable to handle heavy volume, and it began timing out while job applications were being processed, he said.

Rather than canceling the hosted service, “we basically went back to the drawing board and are trying to work out the glitches,” the spokesman said. Those whose job applications have been lost have been contacted via e-mail, to the best of the agency’s ability, and have been urged to reapply, he said.

As of April 4, the agency’s Web site stated that all job openings would be posted on an alternative government site and that some candidates would need to provide application information via e-mail while QuickHire is down.

Without offering specifics, the Monster Government Solutions spokeswoman said the QuickHire performance issues were the result of “unanticipated and exceptionally high volume of applicants and open positions.” She said all of the organizations have been working together to fix the problems, but “at this time, it is unclear how long the sites will be unavailable.”

She also said that the company uses multiple database servers for its customers to contain glitches on one machine, which ensures that the current problem “doesn’t impact our broader client base.”

One of Monster’s happy customers is the FBI, where QuickHire was deployed in early 2004.

A spokeswoman said the FBI is “having great success” using the system for both external and internal job candidates. She said the system reduces the number of man-hours involved in processing applications. “Like any new program, we're making changes and additions and updates as determined by ongoing usage,” she said. @ 53653





Sybase Drops Legal Threat On Disclosure of Flaws

Terms reached on technical advisory

BY JAIKUMAR VIJAYAN

Sybase Inc. last week withdrew its legal threat against a U.K.-based bug-hunting firm after the companies reached an agreement about the contents of a software vulnerability disclosure that was at the center of the dispute.

Sybase and Next Generation Security Software Ltd. in Surrey, England, issued a joint announcement about a series of security holes that NGS found in Sybase’s Adaptive Server Enterprise database last year. The companies pointed users to a technical advisory posted by NGS and to information on Sybase’s Web site about fixes that were released in February.

Two weeks earlier, NGS dropped plans to publicly release details of the database flaws after Dublin, Calif.-based Sybase warned that it would take legal action if NGS went ahead with the disclosure. Sybase said the warning was motivated by concern for the security of Sybase ASE users [QuickLink 53410].

Sherief Hammad, a founding director of NGS, said last week that the research firm agreed to let its vulnerability advisory be edited by Sybase officials after hearing about their concerns.

“We managed to word the advisory in such a way that we felt we had enough details for it to be worthwhile to the public and Sybase felt it had limited ability to be exploited,” Hammad said. “At the end of the day, it was a fairly amicable agreement.”

Sybase’s edits were marginal and didn’t alter the meaning of the original content in any way, Hammad said. As part of the deal with Sybase, “there was no agreement that they will get this privileged process every time,” he noted.

Hammad added that NGS doesn’t plan to revise its vulnerability disclosure policies as a result of the incident. NGS officials said they initially disclose the existence of flaws only to the affected software vendors and then wait for patches to be released before going public with the details.

Kathleen Schaub, vice president of marketing at Sybase, said the whole affair stemmed from a misinterpretation of the software vendor’s motives on the part of NGS.

“From our standpoint, it was a miscommunication,” Schaub said. “As soon as we started the dialogue, they realized, and we agreed, that they could publish what they felt they needed to.”

Sybase is evaluating whether it needs to set a formal policy for dealing with vulnerability researchers, Schaub said. But she added that the software vendor “will work more proactively and more cooperatively” with researchers in the future. @ 53669


Multivendor Outsourcing Wins Some Fans; Others Not Sold

Approach reduces costs but increases complexity

BY PATRICK THIBODEAU
LOS ANGELES

When IT executives talk about having a “multisourced” environment, they often mean that they’re using two or three large outsourcing vendors to run their technology operations. But at Sunoco Inc., multisourcing has meant turning to 17 companies to deliver IT infrastructure services over the past several years.

Tim Murtha, who last week retired from his job as manager of systems at Sunoco after a 40-year career in its IT department, said at an outsourcing conference held here by Gartner Inc. that the petroleum and chemical company believes in using best-of-breed service providers.

Murtha said large outsourcing vendors often subcontract out specialized work, such as managing virtual private networks or IT security functions. By working directly with smaller vendors, Murtha felt that Philadelphia-based Sunoco was in a better position to get lower prices overall. “At the end of the day, we knew we were going to drive a lower unit cost,” he said, although he said the real value was increased technology flexibility.

At the Gartner conference, some attendees wondered whether the cost of managing numerous vendors would offset any possible contract gains. They said that they’re trying to find the right formula for using different vendors without adding costs or undermining their existing outsourcing relationships.

George Jannino, director of technology contract management at Starwood Hotels & Resorts Worldwide Inc., said the hardest part of moving to a best-of-breed outsourcing approach is managing the process. “Are those guys going to play well together? That’s kind of a big argument against it for us,” he said.

White Plains, N.Y.-based Starwood, which owns hotel chains such as Sheraton and Westin, is using two primary IT services vendors. The company previously had relied on IBM to manage its core IT infrastructure. But last fall, it signed a seven-year, $100 million technology and outsourcing contract with Hewlett-Packard Co. as part of a plan to replace its mainframes with Unix and Linux systems [QuickLink 50420].

IBM continues to provide some IT services at Starwood and will play a key role at many of its properties, handling tasks such as installation of kiosks, said Starwood CIO Bill Oates. He added that he isn’t ruling out adding a third major vendor to the outsourcing mix, particularly in application development, which is mostly done in-house now.

And despite his reservations about best-of-breed outsourcing, Jannino said the contract with HP is based on a “tower” approach that gives Starwood the ability to terminate individual IT services if HP isn’t meeting specified performance levels and shift them to other vendors. That includes functions such as Web hosting and server and desktop support, he said.

Downsides

But other users at the conference pointed out that terminating a vendor’s services could result in steep financial penalties, particularly if the outsourcer needs to recoup technology investments.

Having multiple offshore vendors is another issue.

For example, IndyMac Bancorp Inc. last year picked Cognizant Technology Solutions Corp. in Teaneck, N.J., to help with projects such as developing a new loan-origination system, said Mark Nelson, executive vice president of global services at the Pasadena, Calif.-based savings and loan company.

About 60% of Cognizant’s work is done offshore, Nelson said. For now, Cognizant is the bank’s only offshore vendor. But that could change if the number of Cognizant employees assigned to IndyMac increases from the current of about 150 people to 250, Nelson added. At that point, IndyMac would be spending enough money that it would “have to think about a second vendor,” he said.

Although Nelson said he’s convinced that he’s getting high-quality work from Cognizant, the bank’s top executives will want to know “how we're sure we are getting the best value,” he added. “So we'll have to have very capable benchmarking or that second horse in the stable.” @ 53676

Are these guys going to play well together? That’s kind of a big argument against [best-of-breed out-
GEORGE JANNINO, STARWOOD HOTELS & RESORTS


Costco Aims to Avoid Offshore Dependency

LOS ANGELES

RETAILER COSTCO Wholesale Corp. uses offshore development but is still hiring lots of programmers internally. Don Burdick, senior vice president of information systems at Costco, said last week that he has about 60 vacancies for developers with RPG, .Net and Java skills on his programming staff, out of a total of 250 positions.

The underlying philosophy at Issaquah, Wash.-based Costco, which had revenue of about $48 billion last year, is “that our own employees do it better,” Burdick said at the Gartner outsourcing conference. He added that Costco typically promotes from within when higher-level IT jobs open up, because it wants to retain the business knowledge that workers have accumulated.

“We're actually able to give people good career paths inside our own IT organization, and we believe that encourages them to get in and really learn the business,” Burdick said. “That's a huge competitive advantage.”

He said that Costco turned to offshore services after it had trouble hiring programmers in 2000, during the height of the dot-com boom. The retailer is using Aliso Viejo, Calif.-based U.S. Technology Resources LLC, which operates an offshore center in Kerala, India.

“It's really important for us in our environment that [internal] people not feel threatened, that they don't feel that their jobs are going away,” Burdick said. “Outsourcing has become a euphemism for downsizing, rightsizing, getting rid of people and solving problems.”

Costco executives weren't looking at offshore outsourcing as a way to save money, according to Burdick. “In fact, we were looking at it the opposite way - we wanted to leverage our people” for high-value projects such as rewriting the company's membership database, he said.

The offshore developers primarily do maintenance work, although they have been integrated into Costco’s workforce and are treated as part of its development teams. But Burdick said he thinks it’s essential to keep development expertise in-house “and not become dependent on the outsourcer.”

It's also part of Costco’s culture to ensure that any outsourcer the company works with pays above the prevailing wage, offers health benefits and uses full-time employees, Burdick said. “We want to raise the standards.”

- Patrick Thibodeau





COMPUTERWORLD April 1, 2005 


NEWS 


www.computerworld.com 





Siebel Issues Q1 
Earnings Warning 


Siebel Systems Inc. warned that 
revenue and earnings for its first 
fiscal quarter fell below expecta- 
tions. Siebel expects revenue of 
$297 million to $300 million for 
the quarter that ended March 31. 
The consensus forecast of ana- 
lysts was $337.5 million. Soft- 
ware license revenue will likely 
decline from $126.8 million last 
year to $75 million. In last year’s 
first quarter, Siebel’s revenue was 
$329.3 million. (See the editorial 
on page 20 for more on this.) 


HP Plans to Unveil 
Linux NAS Device 


Hewlett-Packard Co. is readying 
a new Linux-based enterprise-quality network-attached storage 
(NAS) device to be managed us- 
ing its StorageWorks Grid archi- 
tecture. It will be launched May 16 
at the HP StorageWorks Confer- 
ence in Las Vegas. HP also plans 
to announce a refresh of its Enter- 
prise Virtual Array product line. 


Stone Named CEO 
At StreamServe 


Former Novell Inc. executive Chris 
Stone was named CEO and presi- 
dent of StreamServe Inc., a busi- 
ness communications manage- 
ment vendor. Stone replaces 
StreamServe co-founder Hans 
Otterling, who is now vice chair- 
man of the board. Stone left Novell 
last November after helping it ac- 
quire SUSE Linux AG and taking it 
on an open-source track. 


Progress Spends 
$25M for Apama 


Progress Software Corp. has ac- 
quired privately held Apama Inc. 
for about $25 million in cash. Apa- 
ma sells event stream processing 
technology, mostly to the financial 
services industry. Apama will be- 
come part of Progress’ Object- 
Store unit, whose real-time data 
infrastructure technology will be 
integrated with Apama’s offerings. 





ON THE MAR

HOT TECHNOLOGY TRENDS, NEW PRODUCT NEWS AND INDUSTRY GOSSIP BY MARK HALL

CIOs Target Service And Support. . .

. . . fees for their next budget cuts. That should send a shiver down the spine of many a CFO at software vendors that slap 15%, 18% or 20% annual taxes, if you will, on top of their license prices. According to survey results released last month by the San Diego-based Service & Support Professionals Association, more than half of the 220 IT managers it polled last fall said they want to chop those fees. “CIOs have already taken a big chunk out of the licensing part,” says Irfhan Rajani, CEO of Apparent Networks Inc. in Vancouver, British Columbia. “Now they’re turning their focus on the next chunk of cash — the annuity stream of maintenance fees.” Despite the high margins generated by that stream, Rajani says software vendors have long considered their service and support divisions “as the poor cousin,” investing minimally in their operations. As a result, software support is often viewed by users as ineffective or unresponsive, he says. But Rajani adds that in the current climate of perceived overpricing and underperformance on support, vendors “have to justify this annuity stream to their customers.” That could result in lower costs or improved services that make the fees worth it, he suggests. If better service is more important than budget cuts, IT managers should scrap their penchant for service-level agreements with vendors in favor of service-quality agreements, Rajani says. The difference between an SLA and an SQA is more than one letter, he argues. An SLA will guarantee so much bandwidth or so many 9s of uptime for an application. But what you really want is an agreement that guarantees the response time of your applications, which is what an SQA demands. So, when you negotiate your next service and support deal, think service quality. Oh, and bring an ax to the meetings — maybe labeled “Ax the tax.” Your vendors will get the idea.

intending to renegotiate service contracts, says the SSPA.

Identity management isn’t just a security. . .

. . . headache; it’s also a productivity drain. The No. 1 problem that help desk staffers solve is resetting end-user passwords. That’s because people inside big companies have too many. Eight per user is the minimum that Imprivata Inc. found inside an unspecified number of large corporations it studied last year, says Omar Hussain, senior vice president of marketing and product management at the Lexington, Mass.-based vendor. And that’s too many for one poor soul to remember, he argues. The solution? Single sign-on technology, Hussain says — specifically, Imprivata’s OneSign appliance. Next month, Imprivata will release Version 2.8 of the OneSign software, adding support for biometric and smart-card devices from vendors including Vasco Data Security International Inc., Gemplus International SA and Supercom Canada Ltd. OneSign can handle as many as 25,000 Windows end users and creates detailed reports about who accessed what and when — a big plus in this era of compliance auditing. Pricing starts at $60 per user.

Wireless security appliance offers. . .

. . . an access point, a firewall and a virtual private network. The VPN-1 Edge W from Check Point Software Technologies Ltd. in Redwood City, Calif., ships this week with a starting price of $799. The new device supports 802.11 Super G, which doubles wireless data transmission rates to 108Mbit/sec. and triples the range of access points to 300 meters indoors and 1 kilometer outdoors. The appliance handles WEP, WPA and IPsec encryption and can function as your print server. It does not, however, include a kitchen sink among its features. Check Point will also ship by next week an extension to Express, its integrated VPN, firewall and intrusion-prevention system software, which is aimed at midsize companies. Check Point Express CI adds antivirus software to its gateway server. Pricing starts at $4,000.

Single sign-on for desktop Linux. . .

. . . users is here, too. Ken Hetzer, vice president of business development at TFS Technology Inc., says the Herndon, Va.-based company last month started shipping TFS Workstation Control for Linux software, which joins its Windows offering. Both products use a Linux or Unix server to centrally manage and store end-user credentials and passwords. By Q4, TFS will add biometric and smart-card support for Linux desktop systems, Hetzer says. He acknowledges that the Linux desktop market is small. But, he says, “we’re going to be on the forefront for organizations moving to Linux.” Hetzer adds that TFS is looking “very closely” at adding single sign-on support for end-user devices such as Macintoshes and Palm handhelds. Pricing for both the Linux and Windows versions starts at $50 per seat. @ 53633
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CA’s Top Exec Aims for 
More-Focused Operations 


Swainson creates five separate software , You have to manage the com- 


development units, seeks data on ROI 





BY MATT HAMBLEN 

Computer Associates Interna- 
tional Inc. last week formally 
announced a reorganization of 
its product operations into five 
business units with 
their own develop- 
ment, marketing and 
profit-and-loss re- 
sponsibilities. The 
changes were set in 
motion earlier this 
year by John Swain- 
son, CA’s new presi- 
dent and CEO 
[QuickLink 52225]. 
Swainson, who joined 
CA in November, 
spoke with Computerworld 
last week about the formation 
of the business units and other 
issues. Excerpts from the inter- 
view follow: 


You’re outlining five new business 
units and other changes at CA. 


SWAINSON says CA 
PERM Cm COMeom Ce) 
meet users’ needs. 


Why now? It’s a follow-up to 
what was said last December 
about how to get CA focused 
and aligned, and with all [parts 
of the company] pulling on the 
same rope. We’ve ob- 
viously been in our 
final quarter of the 
fiscal year, and that 
didn’t seem like a 
great time for organi- 
zational changes. But 
4 now we’re through 
P| that. 
ating individual busi- 
ness units? This is 
what you need if you manage 
a company the size of CA. You 
can’t manage it from the cor- 
ner office. You have to create 
managers focused on well- 


| defined markets and goals, 


and you have to give them the 
power to go after those goals. 


What’s your goal in cre- 


| . 
pany overall in a way that 


_ | looks at ROI and invested 


capital, and that’s not histori- 
cally how CA was run. We 
didn’t have a view of how 
much was spent in a business 
and what return you would 

| get from it. 


Are these changes tied to the 
SAP-based ERP system that CA is 
developing? It will be absolutely 
tied to the ERP system, which 
is why we had to do it now. 
The idea of business units was 
kicking around CA for a couple 
of years. In 2001, we took the 
first step with two business 
units, one for security and one 
for everything else. Then the 

| company got distracted, as you 
might imagine, and nothing 

| happened for a while. 


What are the corporate customers 
you’ve met with over the past few 
months telling you about CA? I’ve 
talked to hundreds of them, 





Internal Changes, Acquisition Seen as Steps Forward 


IN ADDITION to its internal 
makeover, Computer Associates 
last week announced another 
acquisition, saying that it has 
agreed to buy network service 
management software vendor 
Concord Communications Inc. 
for about $330 million in cash. 

Analysts said these develop- 
ments are signs that CA is start- 
ing to move forward after reach- 
ing settlements last fall with the 
U.S. Department of Justice and 
the Securities and Exchange 
Commission over an alleged ac- 
counting fraud scheme at the 
company in 1999 and 2000 
[QuickLink 49647]. 

“To a certain extent, the 
sleeping giant of CA is awaken- 
ing,” said Stephen Elliott, an 
analyst at Framingham, Mass.- 
based IDC. Elliott said the new 
business-unit structure should 
make CA's operations more effi- 


cient and focused. He added 
that the Concord acquisition will 
give CA new customer accounts 
among telecommunications ven- 
dors and service providers. 

CA has had “a lot of big ques- 
tion marks over its head for a 
while,” noted Dennis Drogseth, 
an analyst at Enterprise Man- 
agement Associates in Boulder, 
Colo. “All of a sudden, they have 
a new structure and a major ac- 
quisition with Concord. It could 
position them well.” 

The five business units being 
created by John Swainson, CA's 
president and CEO, include sepa- 
rate operations for enterprise sys- 
tems, security and storage man- 
agement, as well as a Business 
will develop tools to support func- 
tions such as business process 
modeling and IT governance. 

The fifth unit, called the CA 


Products Group, will be respon- 
sible for existing offerings that 
fall outside of the company’s 
core technology areas. Those 
products include application de- 
velopment and mainframe data- 
base management tools, a CA 
spokesman said. 

CA said the general managers 
of the business units will be ac- 
countable for the financial per- 
formance of their own opera- 
tions and will be in charge of 
staffing, strategic planning and 
customer satisfaction, in addi- 
tion to product development and 
marketing. 

The Concord acquisition is ex- 
pected to be completed within 
three to four months. CA said the 
Marlboro, Mass.-based compa- 
ny's operations will be integrated 
into the enterprise systems man- 
agement business unit. 

— Matt Hamblen





and they’re all pretty positive 
about what they think the relationship
with CA can be. A lot
are waiting for us to deliver on
our promises, frankly. We have
more to do in that regard.


I’m sure people ask you about CA’s
internal accounting difficulties and
the settlement deal that the company
signed with the government
last year. Yes, many customers 
have asked what we're doing 
to change and how we can en- 
sure [that] something similar 
won't happen again. So I tell 
them we've changed five of 
the top financial executives, 
we've replaced all 10 lawyers, 
we have a new CFO, CEO and 
chief marketing officer. Then 
I say that we’re investing in 
new ERP software and have 

a new compliance officer. 







Your letter to customers about
the new business units also mentions
the need to beef up CA’s indirect
sales channel, since it accounts
for only about 10% of your
sales, with the industry average 
at 50%. What is a good level for 
CA? Well, 10% can’t be right. 
But I don’t know if we’d ever 
make it to 50%. Channel part- 
nerships will help us broaden 
our reach. 

We'll continue to focus 
on direct [sales to large] ac- 
counts. But indirect sales will 
serve the midtier segment, 
with whom we have no relationships
now. @ 53671
READ MORE
An extended version of our interview with
John Swainson is available online:
QuickLink 53589
www.computerworld.com





IT Glitch Halts Payments 
To GM Workers, Retirees 


BY TODD R. WEISS 
Data-transfer problems during 
a switch of health insurance 
benefits administrators at the 
start of this year continue to 
cause problems for thousands 
of General Motors Corp. em- 
ployees and retirees. 

Sharon Baldwin, a spokes- 
woman for GM, confirmed 
last week that an unknown 
number of GM workers, re- 
tirees and their dependents 
are still having problems get- 
ting health care and prescrip- 
tion bills paid more than three 
months after Boston-based Fi- 
delity Investments took over 
as administrator of the plan. 

“No one has lost benefits, 
and they still have continuity 
of care” while the glitches are 
being resolved, Baldwin said. 

Previously, GM workers and 
retirees were served by three 
different health care administrators,
she said. On Jan. 1, GM
replaced the three with a sin- 
gle administrator, Fidelity. 

The accounts of 1.1 million 
workers, retirees and depen- 
dents were to be transferred 
from the previous administra- 
tors to Fidelity. However, 
about 2%, or 22,000 accounts, 
didn’t transfer properly before 





the new system went live, 
Baldwin said. 

Many of the problem ac- 
counts were found through 
testing before the system went 
live, but thousands of other 
problem accounts initially 
went undetected. GM and Fi- 
delity heard about the prob- 
lems when workers and re- 
tirees called to complain 
about difficulties they were 
having with their insurance 
benefits, she said. 

Baldwin wouldn't estimate 
the number of workers and 
retirees who are still having 
trouble with their accounts. 

“We have emergency 
processes in place so that 
everybody has coverage, and 
we'll do whatever they need” 
to be sure that claims are paid, 
Baldwin said. GM moved to 
just one benefits administrator 
so that workers and retirees 
could manage their benefits 
through a single point of con- 
tact, she said. GM has about 
170,000 workers in the U.S. 

A Fidelity spokesman de- 
clined to comment on the 
matter, and a spokesman for 
the United Auto Workers 
union didn’t return calls seek- 
ing comment. @ 53670 
Microsoft Delays
HPC Availability 


Microsoft Corp. pushed back the 
release of a version of Windows 
Server for high-performance com- 
puting (HPC) until the first half of 
next year. Windows Server 2003 
Compute Cluster Edition was to 
ship by year’s end, but Microsoft 
said it needs more time to make 
the product easier to manage and 
deploy. The first beta version will 
ship in the second half of 2005. 


IBM Signs Reseller 
Deal With NetApp 


IBM has signed an agreement to 
resell Network Appliance Inc. 
storage products under the IBM 
logo. Under the pact, IBM will re- 
brand NetApp’s network-attached 
storage and iSCSI/IP SAN prod- 
ucts and software. The rebranded 
products will ship in the third 
quarter. The pact also calls for 
increased integration of NetApp’s 
products with IBM’s Tivoli Stor- 
age Manager software. 


VeriSign Beefs Up 
Server Supply 


VeriSign Inc., which operates the 
.com and .net domain names, 
plans to add more regional resolu- 
tion servers to its existing constel- 
lation to keep up with growing In- 
ternet traffic. The company oper- 
ates 18 Internet servers worldwide 
that handle more than 14.5 billion 
queries a day. VeriSign estimates 
that global Internet traffic doubles 
every 12 to 18 months. 


NEC, Sun Expand
Integration Alliance


NEC Corp. and Sun Microsystems 
Inc. are expanding an alliance to
more closely link systems integra- 
tion, networking and middleware 
technologies. NEC will combine its 
Univerge voice-over-IP gear with 
Sun's SunRay blade servers, and 
the companies will promote the 
result as a SunRay reference ar- 
chitecture. Also, NEC will inte- 
grate its Valumo platform with 
Sun’s Java Enterprise System. 





NEWS 
SAS, Hyperion Revamp BI Tools


Both firms looking 
to provide broader 
user access to data 
BY HEATHER HAVENSTEIN 
SAS INSTITUTE INC. and
Hyperion Solutions 
Corp. this week will 
unveil revamped busi- 
ness intelligence offerings 
they said will meet enterprise 
demands for broader access 
to the tools among business 
users. 

At its international user 
conference in Philadelphia, 
SAS plans to roll out an en- 
hanced SAS Enterprise BI 
Server — a major component 
of its SAS 9 Intelligence Plat- 
form — with a simplified user 
interface for business users to 
conduct queries and analysis. 
In addition, SAS will an- 
nounce plans to bundle its 
OLAP Server with the enter- 
prise server so users can cre- 
ate cubes and view multidi- 
mensional data within reports. 

SAS officials said the updat- 
ed offerings target the low-end 
tools of rivals Cognos Inc. and 
Business Objects SA. 

“SAS has always been in the 
BI space, but it’s always been 
... where the power users have
been,” said Jim Goodnight, 
CEO of Cary, N.C.-based SAS. 
“We figured out a way to easi- 
ly hook all our analytics capa- 
bilities into the BI platform.” 

Atlanta-based Delta Tech- 
nology Inc., the IT division of 


Delta Air Lines Inc., rolled the


SAS 9 tools into production two 
weeks ago, said Brent Brown- 
ing, vice president of network 
systems at Delta Technology. 
His group is eyeing the new BI 
server for users in its pricing 
and revenue departments. 

“We're hoping to move SAS 
beyond the high-end analytics 
... and really make it an ad 
hoc reporting tool and stan- 
dard reporting tool in our 
environment,” he said. 

Cindi Howson, a faculty 
member at The Data Ware- 
housing Institute in Seattle 
and author of the independent 
“BI Scorecard” report, which 








evaluates BI tools, said the enhancements
are overdue because
SAS has long been “taking
a beating for being too
complex” for business users. 

With the new version of the 
server, sophisticated users can
access advanced analytics 
through a metadata layer, and 
business users can use a re- 
port-building wizard for easier 
access to data, she said. 


New Suite 


For its part, Santa Clara, Calif.- 
based Hyperion will detail an 
enhanced business perfor- 
mance management suite at 
its user conference this week 
in New Orleans. 

Hyperion Applications Suite 
4 features a single user inter- 
face that executives said will 
allow users enterprisewide 





to tap into its enterprise plan- 
ning, reporting and analysis 
products. It also provides a 
single Excel spreadsheet front 
end for users to read, write 
and interact with the new 
products. 

AutoTrader.com LLC, a beta 
user of the new suite, plans 
to use the planning module 
within it to give more users 
access to financial planning 
data, said Dan Crowe, CIO at 
the Atlanta-based company. 

“We don’t want planning to 
be in an ivory tower ... that 
has no context in reality,” 
Crowe said. “We're going to 
farm it out to all the directors 
who run the departments. 
We're trying to make the peo- 
ple who are accountable for 
the results be accountable for 
the plan.” @ 53674 


NEW PRODUCTS 
New Chips, Standards
Expected at SNW Event


BY LUCAS MEARIAN 
New intelligent network man- 
agement chips, 4Gbit/sec. Fibre 
Channel technology and a mul- 
titude of iSCSI switches, con- 
trollers and network cards are 
anticipated at this week’s Stor- 
age Networking World (SNW) 
show in Phoenix. Attendees 
can also expect an update on 
the status of several storage 
standards during the event. 
Arun Taneja, founder of re- 
search firm The Taneja Group 
in Hopkinton, Mass., said that 
several “intelligent chips” in 
new products will be demon- 
strated for users at SNW. 
“These are intelligent proc- 
essors chip makers have been 
building for the past three or 
four years,” he said. The chips 
will play a key role in a flurry 
of announcements from net- 
work vendors, including 
EqualLogic Inc., LeftHand 
Networks Inc. and Entrada 
Networks Inc., Taneja said. 
Taneja also expects some 
system-level disk products to 
come out of the show, includ- 





ing a new Clariion array with 
an iSCSI interface from EMC 
Corp. The company is also ex- 
pected to showcase its Storage 
Router virtualization technol- 
ogy, which was unveiled at the 
SNW show last fall and is slat- 
ed to ship in the first half of 
this year. 


Making the Switch 
Meanwhile, Brocade Commu- 
nications Systems Inc. will be 
unveiling 4Gbit/sec. Fibre 
Channel switches as upgrades 
to its SilkWorm line. The Silk- 
Worm 4100 switch will sport 
an application-specific inte- 
grated circuit chip and is ex- 
pected to provide enhanced 
network-based management 
features and higher throughput. 
Storage Technology Corp. 
will disclose plans to resell 
Brocade’s new 4Gbit/sec. 
switches along with its latest 
array, the StorageTek FLX380 
storage system. The FLX380, 
also set to be unveiled at the 
show, builds on the FlexLine 
family of modular arrays but is 





expected to offer lower acqui- 
sition and expansion costs. 

LSI Logic Corp. will intro- 
duce its eight-port MegaRAID 
serial-attached SCSI (SAS) 
adapter, which is designed to 
allow users to mix and match 
higher-performance disks 
with lower-cost Serial ATA 
(SATA) disks. LSI will also un- 
veil its first SAS RAID 6 con- 
troller and an iSCSI array 
that’s designed to let adminis- 
trators build an IP-based SAN 
using SATA-based arrays. 

In addition to the vendors’ 
announcements, the Storage 
Networking Industry Associa- 
tion (SNIA) will use the SNW 
stage to announce that the 
Storage Management Interface 
Specification (SMI-S), a com- 
mon management interface 
for storage management soft- 
ware and devices, has been 
submitted to the InterNational 
Committee for Information 
Technology Standards. 

SNIA will also introduce 
SMI-S 1.1, which is intended to 
offer common management 
features between network- 
attached storage arrays, iSCSI 
arrays, tape libraries and a 
multipathing management ap- 
plication programming inter- 
face. @ 53668 


LONDON 
THE EUROPEAN UNION and the
U.S. government are squabbling
over the U.S.-imposed deadline of 
Oct. 26 for European travelers to carry 
biometric passports in order to enter 
the U.S. without a visa.

Last month, the EU requested an ex- 
tension to Aug. 28, 2006, which is 
when EU member countries expect to 
have passports that work with facial 
recognition systems. But in a March 31 
letter, U.S. House Judiciary Committee 
Chairman F. James Sensenbrenner 
(R-Wis.) replied that an extension isn’t 
likely and urged the EU to speed up its 
development efforts. 

The U.S. already extended its original
2004 deadline by one year.
Negotiations between U.S. 
and European officials 
over another deadline ex- 
tension are continuing, but 
the dispute raises the pos- 
sibility of retaliation. The 
EU will decide in the next 
couple of weeks whether 
it will require U.S. citi- 
their passports lack facial scans, a European
Commission spokesman said.
LAURA ROHDE, IDG NEWS SERVICE


RFID Will Open Gates 


DÜSSELDORF, GERMANY

THE 2.9 MILLION FANS who are expected
to attend the World Cup
soccer tournament in Germany
next year will be given tickets sporting 
an embedded radio frequency identifi- 
cation tag. Organizers say it will be 
the largest-ever use of RFID at a 
public event. 

RFID technology offers a high de- 
gree of security, which is required by 
the German Interior Ministry, and 
should also help speed up entry at sta- 
dium gates, according to Gerd Gaus, a 
tournament spokesman. 
“The tags will contain no 
personal data — just a 
number that identifies 
each cardholder,” he said. 

But privacy activists 
criticized the plan be- 
cause fans applying for a 
ticket must submit vari- 




birth dates and passport numbers, on 
the ion form. 
JOHN BLAU, IDG NEWS SERVICE


Five Vendors Support 
EU Case vs. Microsoft 


PARIS 
FIVE PROMINENT technology
vendors last week banded together
to support the European Commission’s
March 2004 ruling that
Microsoft Corp. used its PC operating 
system monopoly to try to dominate 
the markets for workgroup server and 
media player software. 

IBM, Nokia Corp., Oracle Corp., 
RealNetworks Inc. and Red Hat Inc. 
applied as a group to intervene against 
Microsoft during the company’s appeal 
of the commission’s antitrust ruling, 
according to their representative, 
Thomas Vinje, a partner at law firm 
Clifford Chance LLP in Brussels. 

“Microsoft has been saying that the 
commission stands alone and that it 
didn't have industry support,” Vinje 
said. “This demonstrates that that is 
untrue.” 

Sun Microsystems Inc., Novell Inc. 
and the Washington-based Computer &
Communications Industry Association
Inc. all withdrew from the European
case last year as part of wider legal settlements
with Microsoft. @ 53624
Briefly Noted


Former employees of a call center 
in Pune, India, were arrested last 
week on charges of defrauding four 
New York customers of Citibank NA 
to the tune of $300,000, according 
to a Pune police official. The three 
ex-employees of Mphasis BFL Ltd. 
allegedly obtained the customers’ 
ID numbers and transferred funds 
into their own accounts, police said. 
JOHN RIBEIRO, IDG NEWS SERVICE


The Open Source Initiative, which 
approves open-source software 
licenses, on April 1 expanded its 
board of directors to include mem- 
bers from outside the U.S. The or- 
ganization added representatives 
from the Netherlands, Brazil, Sri 
Lanka and Taiwan. 

ROBERT McMILLAN, IDG NEWS SERVICE


Hitachi Global Storage Technolo- 
gies Inc. said it’s field-testing disk 
drives based on perpendicular 
recording, a technology that could 
lead to 1TB desktop drives and 20GB
versions of its Microdrive in 2007, 
officials said last week in Tokyo. 

MARTYN WILLIAMS,


zens to obtain visas to 
travel to EU countries if 


cybercrime last year. 


SOURCE: U.K. NATIONAL 
HI-TECH CRIME UNIT


Fujitsu Launches Itanium
Servers for Linux, Windows 


Mainframe-class 
systems support 
32 processors 


BY ROBERT McMILLAN 
Fujitsu Ltd. last week intro- 
duced two Itanium-based 
servers designed to offer 
mainframe-class features to 
Windows and Linux users. 
The PrimeQuest 440 and 
480 systems, which have been 
in development for more than 
two years, represent Tokyo- 
based Fujitsu’s first attempt at 
building high-end systems 
around Intel Corp.’s 64-bit 
Itanium 2 microprocessor. 
Chiaki Ito, corporate execu- 
tive vice president, said at a 
press conference in San Francis- 


co that PrimeQuest is Fujitsu's 
next generation of mainframes. 
“However, this mainframe is 
different from the current 
legacy mainframes,” he noted. 
When the new servers be- 
come available in June, they 
will initially support only Red 
Hat Inc.’s version of Linux. 
Support for Novell Inc.’s SUSE 
Linux operating system and 
Microsoft Corp.’s Windows 
Server 2003 Datacenter Edi- 
tion software is expected by 
September, Fujitsu said. 
Electronic Data Systems 
Corp. is considering using the 
Fujitsu machines to consoli- 
date Windows applications on 
one box without the complexi- 
ty or expense of a clustered 
server architecture, said Stan 


ous types of personal 
data, such as their ad- 
dresses, phone numbers, 


Alexander, vice president of 
technology strategy and archi- 
tecture at EDS. “We're starting 
to see a lot more movement 
toward growing large work- 
loads on Windows,” he said. 
The IT services vendor plans
to test its first PrimeQuest 
systems within the next sever- 
al months, Alexander added. 
The PrimeQuest 480 is a 
32-processor system that will 
ship with as much as 512GB of 
memory; the PrimeQuest 440 
will support up to 16 proces- 
sors and 256GB. The systems 
will eventually support as 
much as 1TB of memory, but
Fujitsu executives declined to 
say when that will happen. 
The systems will be able 
to handle the dual-core Itani- 
um processor that Intel plans 
to launch later in the year, 
which will increase the num- 
ber of processing engines 
supported on the PrimeQuest 


PETER SAYER, IDG NEWS SERVICE


Compiled by Mitch Betts. 


480 to 64, Fujitsu said. 

The company predicted that 
it will sell more than 10,000 
PrimeQuest units in the next 
three years, which would rep- 
resent an estimated $2 billion 
in revenue. 

PrimeQuest isn’t Fujitsu’s 
first foray into the Itanium 


market, but its earlier offering 


was limited to the Primergy 
server line, which supports 
only four CPUs. 

Though Itanium has failed 
to live up to initial expecta- 
tions for adoption by corpo- 
rate users, Unisys Corp., NEC 
Corp. and Hitachi Ltd. have all 
preceded Fujitsu in announc- 
ing mainframe-class systems 
based on the processor. 

Sales of Itanium servers 
totaled $1.4 billion last year, 
according to research firm 
IDC. Building servers that can
add mainframe-class reliability
to Windows and Linux applications


IDG NEWS SERVICE


is a logical next step
for server vendors, said IDC
analyst Jean Bozman. @ 53678


McMillan writes for the 
IDG News Service. 


spelled in a story that ran in last 
week's News section (“Tools 
Bridge IT, Operations”). 

Last week's Technology section 
story about IP-based storage 
(“Invasion of the iSCSI Arrays”) 
inaccurately described the num- 
ber of workers at Schenck Busi- 
ness Solutions. The Milwaukee- 
based accounting firm has a total 
of about 500 employees. 
HIPAA


formation Management Asso- 
ciation, which has about 
50,000 members, today plans 
to release the results of a sur- 
vey it conducted in January 
among privacy, security and 
compliance officers. Just 18% 
of the 1,140 respondents said 
their companies were fully 
compliant with the HIPAA 
security rules, according to 
Harry Rhodes, the Chicago- 
based association’s director 
of practice leadership. But 
another 44% said they were 
close to achieving compliance 
(see chart). 

“While it appears that orga- 
nizations are continuing to- 
ward compliance, there are 
many that are still struggling,” 
said Devin Jopp, chief admin- 
istrative officer at URAC, 

a nonprofit accreditation 
agency for the health care in- 
dustry. Companies are dealing 
with many of the same issues 
they cited as hurdles when 
Washington-based URAC con- 
ducted a similar survey last 
April, Jopp said. 

The compliance-related 
problems cited in the studies 
include technology and proc- 
ess integration issues, time 
and budget constraints, and a 
lack of understanding of how 




The HIPAA security rules re- 
quire health care companies 
to address the following areas: 


• Security standards for protection
of personal health data
stored electronically.

• Administrative safeguards
for managing information security
measures.

• Physical safeguards for
protecting health data.

• Technical safeguards relating
to the technology used to
pene Neoeatin. 

• Organizational requirements,
including standards for
• Policies, procedures and
documentation requirements.





to implement the rules. 

The security rules, which are 
being administered by the fed- 
eral Centers for Medicare & 
Medicaid Services, require all 
companies handling electronic 
health data to implement fully 
auditable steps for controlling 
access to confidential informa- 
tion and protecting it against 
compromise and misuse. 

But the rules document 
does not specify the technolo- 
gies that companies need to 
adopt. That “makes it kind of 
vague” for implementation 
purposes, said Mark Maher, 
security administrator at the 
Ochsner Clinic Foundation, 
which operates a hospital in 
New Orleans and 25 medical 
clinics throughout Louisiana. 

“It tells you what you have
to do, but how you do it is left 
open to you,” Maher said. That 
has left a “lot of people confused
about what exactly is required,”
he added.
Ochsner used a tool from 


Continued from page 1


Freddie Mac 


new software is helping the 
McLean, Va.-based company 
to automate its year-end 
financial reporting process 
and tighten its controls. 

It took Freddie Mac six 
months to issue its fiscal 2003 
earnings report, DeLeo said. 
Thanks in part to its develop- 
ment of Java-based reporting 
and reconciliation systems, 
the company issued its 2004 
report in half that time, he 
said. Freddie Mac expects to 
pare its year-end close to 15 
days this year and to just sev- 
en days in 2006, said Wilson 
Davis, who became vice presi- 
dent of finance technology 
services 18 months ago to help 
improve the company’s report- 
ing procedures. 

Closing in seven days would 
place Freddie Mac on par with 
blue-chip financial services 
companies such as Goldman, 
Sachs & Co. and Citigroup 
Inc., said Paul Healy, chairman 
of the accounting and control 
unit at Harvard Business 
School. 

Enabling Freddie Mac offi- 
What is your organization’s
level of compliance with
HIPAA’s data security rules?

18%: Fully compliant
44%: 85% to 95% compliant
26%: About 50% compliant
12%: Less than 50% compliant


Base: 1,140 privacy, security and 
compliance officers surveyed in January 


consulting firm Meta Group 
Inc. to help it translate the 
HIPAA requirements into enterprisewide
policies, standards
and guidelines for complying
with the security rules,


Maher said. 
As part of the process, the 


cials to close the books faster 
“would presumably allow 
them to know if there are 
problems more quickly so 


they could respond more


quickly,” said Healy. 

The bulk of the internally 
developed systems work with 
the PeopleSoft general ledger 
accounting software that Fred- 
die Mac has used for six years. 


Engines of Change 


The new systems have so far 


come in stages. In 2003, Freddie
Mac built a portfolio subledger
system to pull all of its
investment activities into a sin- 
gle system using data report- 
ing, data mapping and ETL 
(extract, transform and load) 
tools from vendors such as Mi- 
croStrategy Inc. and Ascential 
Software Corp., said DeLeo. 
Last year, Freddie Mac built 
valuation and amortization en- 
gines using Java to automate 
the securitization and resecu- 
ritization of mortgages, Davis 
said. Those tools, which Fred- 
die Mac began using in Au- 
gust, enable the company to 
close out its securities portfo- 
lio on an intramonth basis 
rather than having to wait until 
the end of each month to con- 








foundation has implemented 
measures for encrypting all 
outgoing e-mail that contains 


protected data, eliminating the
companies that are struggling
with integrating their system


use of the file transfer proto- 
col and requiring business 


partners to connect only via
virtual private networks.


Even so, the integration of 
system logs from multiple 
sources — which is needed to 
ensure that an audit trail ex- 
ists for all access to protected 
data — has been a huge chal- 
lenge, Maher said. Ochsner is 
currently evaluating products 
for integrating its logs. 

“One of the key issues with 
HIPAA is the audit-trail con- 
cept of having procedures in 
place [and] having account- 
ability,” said Christopher 
Borod, supervisor of network 
and technical services at Good 
Samaritan Health System in 
Lebanon, Pa. Good Samaritan 


has deployed a security dashboard
from NetIQ Corp. that
automates the collection of log 


duct the valuations, he added. 
The $45 million budgeted 


for this year will be spent partially
on packaged applications
to automate the company’s
debt and derivatives operation,
according to DeLeo.
Freddie Mac will seek propos- 
als this summer. 

A chief factor behind Fred- 
die Mac’s improvements has 


information from multiple systems,
Borod said.


But Jopp noted that he 
knows of “large contingents of 


logs for review.” 
The HIPAA rules set non- 
compliance penalties of up to 


$25,000 per violation. But the


enforcement process will be 


initiated only if a complaint


is filed against a health care 
organization. 

The lack of a strong en- 
forcement component has re- 
sulted in a somewhat “lack- 
adaisical attitude” among 
some companies, HIMSS’s 
Sensmeier said. There’s no ur- 
gency, she added, “because no 
one is going to be waiting to 
come into your organization 
on April 21 to see if you are 


compliant.” @ 53677 


MORE THIS ISSUE 


HIPAA compliance requires more than just 
writing a policy. Page 36 


been a close collaboration be- 
tween its business and IT or- 
ganizations, said DeLeo. “A lot 
of people talk about IT and 
business alignment. This is beyond
that,” said DeLeo. For instance,
he noted that on many
nights, IT and business man- 

agers work side by side evalu- 
ating the company’s financial 


systems efforts. @ 53667 
DON TENNANT


A Plot Twist 


TALK ABOUT LOUSY TIMING. Right

when Siebel Systems’ PR machine was 

entrenched in a campaign to get the 

press to write about the company’s 

improving performance under CEO 
Michael Lawrie, it had a cave-in when Lawrie was 
forced to explain first-quarter earnings results that 
were almost as lousy as the timing. 


It began as a classic PR 
maneuver: Convince the 
press to regurgitate the 
“Chapter 2” strategy 
Siebel introduced last Oc- 
tober [QuickLink 49926] 
by using Lawrie’s ap- 
proaching one-year an- 
niversary at the helm as 
the news hook. Then the 
quarterly-results bomb 
was dropped. At least the 
company’s marketing 
guys could take heart that 
they hadn’t used Roman numerals 
for the campaign. “Chapter II” looks 
way too much like “Chapter 11.” The 
jokes would have been relentless. 
Last week, instead of waxing poetic 
on his authorship of the new chapter, 
Lawrie, a 26-year IBM veteran who 
took the CEO reins from company 
founder Tom Siebel last May [Quick- 
Link 46697], had to account for his 
surprise that Siebel’s first-quarter 
revenue was so low. The CRM ven- 
dor now expects the figure to be in 
the range of $297 million to $300 mil- 
lion, down from analysts’ projections 
of $337.5 million and the $329.3 mil- 
lion it generated in the first quarter of 
last year. Siebel is looking at software 
license revenue of about $75 million 
for the quarter, compared with $126.8 
million in last year’s first quarter. 
According to a Siebel statement, 
Lawrie blamed the shortfall on “a 
combination of poor execution on 
our part, exacerbated by a challeng- 
ing economic and IT environment.” 
It turns out the company was count- 
ing on some contracts that didn’t get 
wrapped up by April Fool’s Day. 





What’s puzzling about 
all this isn’t the poor exe- 
cution. Hey, who among 
us is immune to that par- 
ticular affliction? The real 
head-scratcher is how the 
whole thing could have 
caught Siebel’s top brass 
so off-guard. 

It’s hard to imagine 
that this new PR initia- 
tive, which positions 
Lawrie as a savior who’s 
leading the company 

back to prosperity, would have been 
allowed to proceed if Siebel’s top ex- 
ecutives had the slightest idea that 
the business was faring as poorly as 
it was. You just don’t put your CEO 
under the spotlight unless you’re 

as certain as you can be that noth- 
ing’s going to happen that will em- 
barrass him and force him to tap- 





dance around hard questions. 
There’s no way for us to know if 
Lawrie really did try to explain the 
company’s surprising shortfall by re- 
ferring to problems that were exac- 
erbated by a challenging economic 
environment. The comments attrib- 
uted to Lawrie were very likely com- 
posed by the PR team (that’s just 
how these things work), and Lawrie 


may or may not have actually signed


off on them (sometimes a top lieu- 
tenant does that). If he didn’t, then 
he probably learned a lesson: that he 
needs to pay a lot more attention to 
the words being put in his mouth. If 
he did... well, that’s bad. 

We're talking about explaining 
something that was unexpected. To 
cite existing economic conditions 
as a reason for a surprising turn of 
events is nonsensical. It’s the kind of 
goofy statement that slips through 
when you’re fumbling for answers. 

In any case, it’s consistent with 
the premise that the company was 
out of touch with its own perfor- 
mance — something that won’t be 
lost on Siebel’s users. Let’s hope it 
does better in Chapter 3. @ 53636 
MICHAEL GARTENBERG


Microsoft’s 
Problem: XP’s 
Good Enough 


IT’S BEEN QUIET on the

client operating system 

front. IT managers haven’t 
had to face a major migration 


in quite some time. 

By my calendar, it’s been nearly four 
years since I installed the first beta of 
Windows XP that I deemed good 
enough for production use, and other 
than that first beta, Windows XP has 
worked rather well for me. I would 
even say that it’s the best operating sys- 
tem Microsoft has ever shipped. With 
Longhorn still lurking somewhere out 
in the mists of the distant future, it’s 
time to take a look at the Windows 
client platform and how well it’s still 
meeting business 
needs relative to 
competing products. 

This is the longest 
period of time that 
Microsoft has gone 
without shipping a 
new version of its 
operating system. In 
this period, we’ve 
seen numerous ver- 
sions of Linux 
emerge, each one 
more capable than 
the last, and Apple is 
on its third major re- 
vision of Mac OS X. 

While there are choices in the marketplace
that should be given serious consideration,
I still conclude that Windows is likely to
remain the best one for business users.

At first glance, Windows XP appears 
to have stagnated. Nothing could be 
further from the truth. XP has gone 
through two major service packs, both 
of which have increased security, relia- 
bility and robustness. A lot of effort 
has gone into XP as well, and we've 
seen MediaCenter and Tablet PC ver- 
sions emerge, both of which were sig- 
nificant for their markets, even if nei- 
ther had much of an impact on busi- 
ness users. MediaCenter is a consumer 
operating system with features focused 
on media and entertainment. The 
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Tablet PC has been relatively irrele- 
vant for business computing for a vari- 
ety of reasons, mostly related to a lack 
of compelling hardware or a killer app. 

But the bottom line is that XP has 
evolved from the standpoint of fea- 
tures, security, stability and reliability 
to a level that is good enough for most 
users. The ubiquitous nature of Win- 
dows means that it’s the platform of 
choice for application development (I 
can’t think of a mission-critical appli- 
cation that isn’t on the Windows plat- 
form), and every PC in the past four 
years has fully supported Windows 
with the appropriate hardware drivers. 

The ubiquitous nature of Windows
means that it’s hard for other platforms
to gain an advantage. Both Linux and
Mac OS have their adherents, as well
as their uses within business computing.
But Linux still lacks the breadth of
applications (it’s notably lacking a version
of Microsoft Office) and overall
hardware compatibility, and Mac OS
limits user choice to Apple hardware.

But this isn’t necessarily good news 
for Microsoft. Business users have very 
different needs from consumers, and 
much of the recent XP evolution has 
been consumer-focused and related to 
media and entertainment features. So 
Microsoft is going to have a challenge 
of its own. Whenever Longhorn ships, 
the company for the first time will confront
a problem that its competitors
have faced over the years: how to get 
users to move off what is perceived as 
a stagnated and boring platform that is 
good enough for business use. The 
competition is going to have a chance 
to woo customers from Microsoft, and 
that’s why now is the time to be think- 
ing about your operating system plans 
two to three years out. @ 53499 
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DAN GILLMOR 


High Tech 
Meets the 
High Court


ON MARCH 29, two cases went before the
U.S. Supreme Court for oral arguments. One,
about computer file sharing,
was important and widely covered.
The other, about an Internet service
provider’s fight with a cable company,
was less celebrated but in the end may
have an even greater impact.





The first case — Metro- 
Goldwyn-Mayer Studios 
Inc. vs. Grokster Ltd. — is 
the entertainment indus- 
try’s latest challenge to 
peer-to-peer software. It’s 
also a dagger aimed at the 
heart of innovation, and the 
IT world will be among the 
losers if Grokster loses. 
In a nutshell, MGM and 
its allies in the entertain- 
ment industry and else- 
where say that Grokster is 
basically little but an instru- 
ment for copyright infringe- 
ment. Grokster and its allies 
point out that P2P technology
has many legitimate uses, including
the affordable distribution of noninfringing
digital videos and other content
that would be prohibitively expensive
to deliver via standard systems.

Grokster won in lower courts, which 
based their decisions on the crucial 
1984 Sony Betamax case. In that one, 
the Supreme Court ruled (by the thin- 
nest, 5-4 margin) that VCRs couldn’t 
be sued out of existence just because 
they might (and would) be used by 
some people for infringement. The de- 
vices had substantial legitimate uses, 
too, the court ruled. 

That precedent has served us well. It has particularly served the movie industry, by opening up a vast new market for movies sold on videotape.

If the court overturns the Betamax case or gives MGM and its allies what they want, technological innovation will take a big hit. If venture capitalists and tech companies have to beg for permission from one greedy and unscrupulous industry before daring to innovate, the rest of us will be poorer for that process.

Overshadowed by the Grokster case that day was the FCC vs. Brand X Internet LLC.

Brand X is an Internet service provider in Santa Monica, Calif., that was refused permission to interconnect with the local cable company’s lines. The case reached the high court when an appeals court overturned the Federal Communications Commission’s classification of cable Internet access as an information service, which is basically unregulated, and called it a telecommunications service.

Service providers flourished — the Internet flourished — in their early years because phone companies, then the only access points, can’t refuse to complete anyone’s call to anyone else’s lines. The FCC’s classification gives the cable companies the right to refuse carriage, and the FCC has also moved to give phone companies the right to control the content of their high-speed data pipes. This is dangerous.

Part of the problem in this case is that the old classifications make little sense in a world where data — packets — is the medium for everything. We don’t want intrusive regulation of what we can say and do online.

But we are also moving into a world where a typical community will have only one or two providers of high-speed data access: phone and cable. If those providers are permitted to lock out competitors on the content side, they will have achieved a media consolidation that makes today’s look tame.

The fabled “last mile” of Internet access is a choke point of serious value. The cable and phone industries that control that last mile have insisted that they wouldn’t abuse their power, but we can’t trust these monopolists to behave well. @ 53544

Editorial Draws Responses in Favor of Farmsourcing
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AFTER SPENDING 90% of his effort convincing us that he supports “farmsourcing,” Don Tennant asserts that sending IT work to rural areas of the U.S. because they're more familiar than offshore locales flies in the face of lofty goals - multiculturalism and globalization [“IT Inbreeding,” Quicklink 53377].

Face it: The only reasons to send IT services offshore are to lower costs and to use the investment in another nation to help lever open new markets. I simply don’t believe that any offshoring decision is made to support multiculturalism and globalization.

On the other hand, one of the hidden costs of offshoring often noted in Computerworld is overcoming differences in language and culture. If the gentleman from Optimal Solutions Integration who was cited in the editorial sees an advantage in farmsourcing, I believe he is demonstrating a solid understanding of the total cost picture. As far as farmsourcing possibly being “unhealthy inbreeding,” the U.S. is the most multicultural and multiracial nation on earth. Is offshoring really the only way we can interact with these diversities?
Tom Unkefer
IT management consultant, Cleveland,
tunkefer@sbcglobal.net

“RUSTIC”? “Hinterland”? “Inbreeding”? That's three derogatory references based on silly stereotypes that many people on the coasts seem to have about the rest of the country.
Tim Hack
Underwood, Iowa

AT THE RISK OF being labeled a “livid offshore outsourcing foe,” I must admit that I disagree with Tennant's comments. I agree that we have a world economy that cannot be ignored if a business is to grow and prosper. However, IT isn’t the best place to gain exposure to different cultures and global marketplaces. Make that the realm of the marketing people, not the IT group. A company’s IT organization contains processes critical to the firm's success. To go overseas and expose the company to possible problems with leakage of critical information or misinterpretation of a project's goals and processes seems ridiculous when a suitable alternative exists in the U.S.
Allan C. True
Senior computer engineer,
Grand Haven, Mich.,
atrue@yahoo.com

I WORK FOR a multicultural company and enjoy the opportunities that having access to such a culture brings. However, many of my company's clients are very focused on events and cultures in the U.S. Telling them that their business is suffering because they don’t have exposure to Chinese or other cultures is laughable at best. Just because outsourcing is good for one company doesn’t mean you should disparage other companies that choose not to go that route. To do so is to become a multicultural elitist incapable of seeing value in non-diversity. This is every bit as destructive as the ethnocentric business person that Tennant disparages.
J. Alan Brown
Systems engineer,
Rising Fawn, Ga.

More letters, page 23


COMPUTERWORLD welcomes comments from its readers. Letters will be edited for brevity and clarity. They should be addressed to Jamie Eckle, letters editor, Computerworld, PO Box 9171, 1 Speen Street, Framingham, Mass. 01701. Fax: (508) 879-4843. E-mail: letters@computerworld.com. Include an address and phone number for immediate verification.

For more letters on these and other topics, go to www.computerworld.com/letters
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Continued from page 21 
Farmsourcing 


SO TENNANT THINKS companies
are outsourcing overseas because 
they want to increase cultural aware- 
ness and get diversity points? How 
absurd. It’s about the cost savings. 
Andy Jensen 
Portland, Ore. 


MANY COMPANIES outsource
back-office functions, which 
aren't viewed as adding value to the 
companies’ success. In these situa- 
tions, having cross-cultural relations 
won't add to the knowledge base of 
the corporation at all. 
Doran Boroski 
Elmhurst, Ill. 


AS AN academician-turned-IT-
manager, I appreciate the concept
of diversity; it is something we work hard 
at in the university environment. And di- 
versity is totally appropriate and desir- 
able in the global marketplace of ideas. 
However, I'm at odds with Tennant on
two points: 1) When I call for computer
support, I'm looking for facts, not ideas,
and I want an understandable dialect on
the other end of the telephone, no mat- 
ter where the support person is sitting; 
and 2) for those of us living here in what 
is an economically underdeveloped re- 
gion of the U.S., the concepts embed- 
ded in “farmsourcing,” as you call it, 
make complete sense, especially since 
our economy was based largely on to- 
bacco, which is going the way of our 
furniture and textile industries. 

Furthermore, farmsourcing is not 
necessarily an exercise in inbreeding; 
a strong regional IT industry would at- 
tract staff from a wide variety of back- 
grounds and locations, particularly if 
centered around a university as Cather- 
ine White proposes. We have students 
from 48 states and 60 countries; I'd 
say that represents significant diversity. 
Jack Brinn 
Interim CIO, East Carolina 
University, Greenville, N.C., 
brinnj@mail.ecu.edu 


FUNDAMENTALLY, either one is opposed to globalization and outsourcing of American jobs, or one is not. I am opposed. The downside of globalization is a dilution of individual cultures and beliefs. I understand that we live in a global economy, but we do not have to live in a diluted global culture. I live in the most powerful and economically stable free society in the world, and I want to keep it that way.

I see the outsourcing of our most critical and important jobs as moving the economic and intellectual power base out of our country. What a wonderful thing it would be to offer a “Silicon Valley opportunity” to Americans who by choice or birth live in an area of the country that was not blessed with wealth but by agriculture, property and community. Farmsourcing sounds like a great way to provide jobs to fellow Americans.
Marcia Wilson
Reno, Nev.

I QUESTION WHETHER offshore outsourcing is the best vehicle for gaining exposure to other cultures and markets. I'm sure there are many ways to acquire diversity, if diversity is what your customers, shareholders and employees need, but I don’t think companies should go out and globalize themselves just for the sake of ivory tower ideals. Also, there's a whole lot to be said for a business plan that values the culture that it operates in.
Cathy Taddei
Portland, Ore.



TECHNOLOGY

PROTECTING DATA AT REST

Companies are finding that securing the network periphery is not enough and are adding measures to directly protect data. By Jaikumar Vijayan

FUTURE WATCH
Bulletproof Storage
IBM is developing storage systems that are designed to repair themselves or be left unrepaired without jeopardizing data. Page 34

Data Warehouse Boost On a Budget
Start-ups with new products that increase performance for ad hoc queries while lowering costs are challenging established data-warehouse vendors. Page 30

SECURITY MANAGER’S JOURNAL
HIPAA Compliance in 30 Days or Less
With HIPAA’s deadline fast approaching, C.J. Kelly decides that the information security officer in charge of complying with the security rule needs an assist. Page 36

AS AN ORGANIZATION that is mandated by law to comply with data privacy and security regulations, The Henssler Financial Group has implemented all of the usual technologies, such as firewalls and intrusion-detection systems, to protect its perimeters and networks.

About two years ago, the Marietta, Ga.-based company decided to augment its security measures by deploying a data-auditing tool from Acton, Mass.-based Lumigent Technologies Inc. behind its firewalls.

Lumigent’s Entegra product allows Henssler to monitor data access, changes and views, and modifications to its SQL Server database structure.

The tool is crucial to ensuring the integrity of the company’s stored content, says Chief Technology Officer Tim O’Pry.

“As a financial services company, if someone does something they are not supposed to, we need to know that,” O’Pry says. An auditing tool such as Entegra allows Henssler to detect all database-related activity “regardless of what someone might do” to conceal that, he says.

Increasing concerns over data loss 
and compromise are pushing compa- 
nies such as Henssler to consider 
measures for securing hitherto unpro- 
tected data lying in storage networks 
and databases. The trend marks a
shift from the traditional approach 
of deploying purely network- and 
perimeter-oriented defenses. 

Driving the trend are privacy regula- 
tions that require companies to 
demonstrate due diligence when it 
comes to protecting data, such as 
the Health Insurance Portability and 
Accountability Act (HIPAA) and 
California’s SB 1386 database-breach 
notification law. 

Continued on page 28 
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‘Thre t 
Companies have a variety of technology
approaches to choose from for
protecting data at rest, according to
IT managers, analysts and vendors.

The choice you make depends on
the sort of threats that you need to
protect against and how much

its way in and out of storage systems.
Other database encryption
products, such as SecureDB from
nCipher and DbEncrypt from Appli-


Continued from page 25 

A less-stated yet equally important 
reason for the increased focus on data 
protection is that traditional network 
perimeters have begun to fade away. As 
companies use the Internet to link up 
with partners, suppliers and customers, 
the notion of a clearly definable network 
edge has fallen by the wayside. The 
trend is prompting greater scrutiny of 
technologies for protecting stored data. 

Also fueling concerns are incidents 
such as the recent string of high- 
profile security breaches at Choice- 
Point Inc., Bank of America Corp. and 
LexisNexis, each of which resulted in 
the compromise of large volumes of 
confidential data. 

“There are massive piles of sensitive 
data in storage networks and databases 
that have gone largely unprotected,” 
says Richard Moulds, a director at 
nCipher Corp., a vendor of encryption 
products in Cambridge, England. 
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Companies have myriad ways to try 
to protect such data, including mea- 
sures for access control, activity moni- 
toring and auditing, as well as encryp- 
tion of sensitive information, says 
Richard Mogull, an analyst at Stam- 
ford, Conn.-based Gartner Inc. 

Prat Moghe, president of Tizor Sys- 
tems Inc., agrees. “In terms of security 
technologies, there are many different 
approaches to this problem,” says 
Moghe, whose Maynard, Mass.-based 
start-up offers a data-access auditing 
tool similar to Lumigent’s. 

“Like any security problem, there 
is no one approach that is the best,” he 
says. “But every approach helps elimi- 
nate a certain kind of risk and helps 
complement another approach.” 

For instance, Lumigent’s technology 
allows Henssler to audit database ac- 
tivity better than the “triggers” that can 
be written to capture updates, inserts 
and deletes to databases, O’Pry says. 





Triggers can sometimes impose a 
heavy performance and storage burden 
on companies that have very large 
databases and high transaction vol- 
umes, he says. Entegra instead uses 
data agents to audit target servers. 

The agents harvest information about
all activity that is going on inside
the database and generate alerts or re-
ports based on preconfigured rules or 
policies, O’Pry says. The reports can 
then be archived according to a com- 
pany’s needs. 
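The trigger approach O’Pry compares Entegra against, as an added sketch that is not from the article or from Lumigent: SQLite (through Python's `sqlite3`) stands in for SQL Server so the code runs offline, and the `accounts` tables and the workload are constructed. It shows the storage cost the article mentions, one audit row for every changed row, and that triggers record writes but never reads.

```python
import sqlite3

# Constructed schema: a base table plus an audit table filled by triggers.
SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL,
    balance INTEGER NOT NULL
);
CREATE TABLE accounts_audit (
    audit_id    INTEGER PRIMARY KEY AUTOINCREMENT,
    action      TEXT NOT NULL,
    account_id  INTEGER NOT NULL,
    old_balance INTEGER,
    new_balance INTEGER,
    changed_at  TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
-- One trigger per write operation: inserts, updates and deletes.
CREATE TRIGGER accounts_ins AFTER INSERT ON accounts
BEGIN
    INSERT INTO accounts_audit (action, account_id, old_balance, new_balance)
    VALUES ('INSERT', NEW.id, NULL, NEW.balance);
END;
CREATE TRIGGER accounts_upd AFTER UPDATE ON accounts
BEGIN
    INSERT INTO accounts_audit (action, account_id, old_balance, new_balance)
    VALUES ('UPDATE', OLD.id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER accounts_del AFTER DELETE ON accounts
BEGIN
    INSERT INTO accounts_audit (action, account_id, old_balance, new_balance)
    VALUES ('DELETE', OLD.id, OLD.balance, NULL);
END;
"""


def audit_count(conn):
    """Number of rows the triggers have written so far."""
    return conn.execute("SELECT COUNT(*) FROM accounts_audit").fetchone()[0]


def run_workload():
    """Run a small constructed workload and report what the triggers captured."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)

    conn.executemany(
        "INSERT INTO accounts (id, owner, balance) VALUES (?, ?, ?)",
        [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)],
    )
    # A single statement that touches three rows costs three audit rows.
    conn.execute("UPDATE accounts SET balance = balance + 10")
    conn.execute("UPDATE accounts SET balance = 0 WHERE id = 2")
    conn.execute("DELETE FROM accounts WHERE id = 3")

    # A read of every balance: there is no SELECT trigger, so nothing is logged.
    before_read = audit_count(conn)
    rows_read = len(conn.execute("SELECT owner, balance FROM accounts").fetchall())
    after_read = audit_count(conn)

    by_action = dict(
        conn.execute("SELECT action, COUNT(*) FROM accounts_audit GROUP BY action")
    )
    live_rows = conn.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]
    history_id2 = conn.execute(
        "SELECT action, old_balance, new_balance FROM accounts_audit "
        "WHERE account_id = 2 ORDER BY audit_id"
    ).fetchall()
    conn.close()
    return {
        "by_action": by_action,
        "live_rows": live_rows,
        "audit_rows": after_read,
        "rows_read": rows_read,
        "audit_rows_added_by_read": after_read - before_read,
        "history_id2": history_id2,
    }


if __name__ == "__main__":
    for key, value in run_workload().items():
        print(f"{key}: {value}")
```

The audit table ends up larger than the table it watches, and the full-table read leaves no trace in it.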

Other companies are using automat- 
ed tools to try to stay on top of vulner- 
abilities in their database technology 
that could be exploited by hackers. 

“The biggest problem we have right 
now is with HIPAA,” says Mark Maher, 
security administrator at Ochsner Clin- 
ic Foundation, which operates 24 health 
care clinics in the New Orleans area. 

“We have between 12 and 20 data- 
bases that hold extremely sensitive in- 
formation and which various applica- 
tions need to access,” 
Maher says. “We need 
to ensure that only 
the correct informa- 
tion is accessed.” 

To do this, Ochsner 
is using AppDetective 
from New York-based 
Application Security 
Inc. to scan its data- 
base environment for 
known vulnerabilities 
and to do penetration 
tests with simulated 
attacks. AppDetective 
also provides an au- 
diting function that 
lets Ochsner verify the robustness of 
usernames and passwords of people 
who have access to databases. 

“We have tried to secure things as 
much as possible” at the database 
level, says Maher. AppSecure’s tech- 
nology allows Ochsner to see just how 
effective those measures are, he says. 

AppSecure products are designed to 
protect Oracle, Microsoft SQL Server 
and Sybase database environments, 
according to the vendor. 


Handle With Care 


Encryption is another core strategy 
for protecting stored content, but it 
has to be applied with care, says Gart- 
ner’s Mogull. There are several prod- 
ucts on the market today, so compa- 
nies have a variety of encryption op- 
tions. Some tools allow companies to 
encrypt all the data that’s resting in 
storage tapes and disk arrays. Others 
allow for more selective file-level encryption,
and some offer column-level
protection within the database.

“Like any security problem, there is no one approach that is the best. But every approach helps eliminate a certain kind of risk and helps complement another approach.”
PRAT MOGHE, PRESIDENT, TIZOR SYSTEMS INC.

Whatever the scenario, it’s impor- 
tant for companies to realize that en- 
crypting everything everywhere is un- 
necessary and can result in increased 
complexity and serious performance 
problems, Mogull says. 

“Use encryption to protect only data 
that moves, physically or electronical- 
ly, or to enforce segregation of duties 
for administrators,” Mogull wrote in a 
Gartner report released in February. 

Another area where encryption 
can be used is on mobile devices. The 
proliferating use of notebooks and 
handheld devices makes encryption a 
must, says Randy Maib, senior IT con- 
sultant at Integris Health Inc. in Okla- 
homa City. 

The health care organization has 
started using technology from Dallas- 
based Credant Technologies Inc. to 
protect content on about 1,000 person- 
ally owned and company-issued hand- 
helds, even though it has no formal set 
of policies relating to 
their use. 

Credant’s Mobile 
Guardian software is 
designed to let com- 
panies protect con- 
tent on handhelds 
that are used by mul- 
tiple people — such 
as a device that’s 
used to input patient 
information in a 
hospital or clinic. 
The technology fea- 
tures access-control, 
data-encryption and 
user-permission 
functions that ensure that each user 
has access to only the content he’s 
authorized to view. 

The tool also automates the dis- 
covery of new and unauthorized hand- 
helds that are connected to a corpo- 
rate network and enforces compli- 
ance with security policy, Maib says. 
A centralized administration function 
allows Integris to create audit logs 
and reports related to the security 
status of the devices used within its 
networks. 

Such capabilities are crucial in an 
environment where an increasing 
number of physicians have begun stor- 
ing sensitive patient information on 
their handhelds, Maib says. 

“Any device that wants to synchro- 
nize with our network would need to 
have [Credant’s software],” he says. 

Jason Jaynes, director of product 
management at Credant, says the com- 
pany is seeing increasing demand 
from users such as Integris. 
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ensure that confidential data isn’t being misused. On a hospital network, these types of tools could be used to

users a way to centrally create, edit, manage and audit policies that dictate which information is accessed, by whom it is accessed, the purpose for which it is accessed, and how it is shared, stored and destroyed.

- Jaikumar Vijayan





“As many as 40% of business users have lost a mobile phone, and 25% have lost a PDA in an airport or a taxicab,” Jaynes says. “That’s a problem when you couple that with the fact that less than 10% of such users have taken measures for protecting” the content on their systems, he says.


When measures are taken, automated database-level protection tools allow companies to keep track of database changes better than homegrown approaches can, says Margarita Muratova, database administrator at Calgary, Alberta-based RSM Richter LLP, one of Canada’s largest independent accounting firms.

The company is using Lumigent’s tools to monitor and audit activity across its SQL Server database environment. It has encrypted confidential data in its core human resources database with a product called DbEncrypt from AppSecure. And AppSecure’s AppDetective allows Richter to locate vulnerabilities and software misconfigurations and to apply patches and updates if they’re available.

The tools “take a bit of space, memory and processing capacity,” says Muratova. “But it’s been worth it,” in terms of the content-level protection they provide, she says. “We can see who selected data from which table and why this person looked at the data and what they did with it,” she explains.

Ultimately, the key to protecting stored content is to apply the same access-control, monitoring and incident-response approaches that companies have used for years to protect their perimeters and networks, says Ted Julian, vice president of marketing at AppSecure.

“There is no silver bullet here,” says Julian. “Bringing security to stored data needs to be part of building a layered defense. But we don’t have to reinvent the wheel. We know what the methodology needs to be. We just need to know how to apply it to this area.”
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Data Warehouse Boost On a Budget

Start-ups are challenging established data warehouse vendors with products that increase performance for ad hoc queries but cost less. BY ROBERT L. MITCHELL

WHEN PREMIER INC.’S medical databases began bogging down last year, the San Diego-based provider of clinical data put its data warehouse in a box — literally.

Premier sells access to clinical data 
it gathers from 400 hospitals to phar- 
maceutical manufacturers. Last year, 
the company’s IBM Red Brick data 
warehouse had grown to 3TB, and one 
table included 3 billion entries. “When 
you go through 3 billion rows of data, 
you get long runtimes,” says Chris 
Stewart, director of data warehouse 
architecture. 

The problem wasn’t just the size of 
the database, however, but how clients 
used the data. “Our users want to ac- 
cess all of the data from top to bot- 
tom,” says Stewart, and the complex, 
multipass queries created by Premier’s 
4,000 users each week were slowing 
performance. Some wouldn't run at all. 

Instead of adding to its 24-processor 
Solaris server infrastructure or making 
further attempts to optimize the data- 
base, Stewart brought in an all-inclu- 
sive data warehouse appliance from 
Netezza Corp. in Framingham, Mass. 
Some calculations that took one or two 
days now finish in six to eight minutes 
on the appliance’s 108 processors. Premier
still uses Red Brick for most
queries, but the NPS 8150 appliance
handles the “really, really ugly questions”
that weren’t possible to process
before, he says. “We couldn’t offer the
product offerings we do today” without
the appliance, Stewart says.

As data warehouses continue to grow, 
more users are demanding access to 
business intelligence (BI) tools to con- 
duct data-mining exercises across 
large data sets. “We’re talking about 
using every single call-detail record 
generated in the last three years,” says 


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Claudia Imhoff, president of Intelligent 
Solutions Inc., a consulting firm in 
Boulder, Colo. It’s hard for database 
administrators (DBA) to create aggre- 
gations of data, such as summariza- 
tions, that can facilitate the processing 
of these complex queries because users 
often don’t know in advance what 
they’re looking for. “These unplanned 
questions are the ones that knock the 
stuffing out of databases,” she says. 

But such queries are increasingly 
seen as business-critical, says William 
Fellows, an analyst at The 451 Group in 
New York. “The problem of querying 
data sets that are growing at over 100% 
a year has led to what might be called 
a data warehouse capability gap,” he 
says. While market leaders like Tera- 
data, a division of NCR Corp. in Day- 
ton, Ohio, offer integrated systems to 
address this for high-end applications, 
Netezza and others are jumping in with 
moderately priced systems that don’t 
require the same high-end hardware 
and software investments as those 
from IBM, Oracle Corp. and Teradata. 

It’s an interesting trend but still a 
small part of the $16 billion market for 
data warehouse hardware and software, 
says Dan Vesset, an analyst at IDC. 


SMALL PLAYERS, 
BIG DATABASES 
Some start-ups offer only software, 
while others include software and 
hardware in a single bundle or appli- 
ance. But all use a parallelization 
scheme that involves symmetric multi- 
processing or a massively parallel pro- 
cessing architecture. Designs vary, but 
all are based on the partitioning of data 
across servers — something Teradata 
has been doing for years, says Fellows. 
“There’s nothing new under the sun in 
terms of approach here except packag- 
ing and price,” he adds. While Netezza 
and competitors like to position them- 
selves against Teradata, the company 
still dominates on the high end, he adds. 
Netezza’s NPS appliance abandons 
database indexes in favor of direct table 
scans, using brute-force processing to 
get the job done. The system includes 
its own database, with specialized field 
programmable gateway array (FPGA) 
logic that links processors and storage 
to speed up I/O. A system comparable 
to Premier’s, with 4.5TB of disk space, 
sells for “a little more than a million 
dollars,” says Netezza CEO Jit Saxeena. 
By dumping the indexes, Premier’s 
database dropped from 3TB to 1TB.
The system is sufficiently fast that 
Stewart now uses the appliance to both 
process queries and build the data- 
aggregation tables that he loads into 
the Red Brick data warehouse.

Start-up Calpont Corp. in Rockwall, Texas, is developing a similar appliance that hard-codes the database on an FPGA chip. Because it will store the data on a solid-state disk, or synchronous dynamic RAM, however, it will be targeted at smaller data sets. A 128GB box capable of supporting 40GB to 50GB of data will have a price tag in the “couple hundred-thousand dollar range,” says CEO Jim Janicki. “We wanted a brute-force engine to handle everything we could throw at it,” he says of the device, which is scheduled to ship by midyear.

Datallegro Inc. in Aliso Viejo, Calif. is rolling out a turnkey system that functions much like the Netezza appliance, but it’s built using off-the-shelf components. “We’re taking standard, commodity servers with an open-source database,” says CEO Stuart Frost. Datallegro’s 3TB P3000 includes 21 dual-Xeon-processor servers, each connected to 12 Western Digital Corp. Raptor drives, and will sell for $450,000 when released this month. Frost is targeting Oracle customers with databases in the 1TB to 5TB range and up to 300 concurrent users.

Metapa Inc. takes a similar approach but lets users buy their own components based on its specification, rather than bundling everything together. Users “can assemble systems that are just as fast as the high-end data warehouses at a fraction of the cost. We don’t believe you need a specialized ASIC chip to get there,” says Scott Yara, founder and president of the San Mateo, Calif., start-up. The total price, including Metapa’s Cluster DataBase — due to ship in the second quarter — and required hardware, will be half the cost of a Netezza appliance, he claims.

Optimizing the Data Warehouse

FROM TERADATA TO NETEZZA, vendors of integrated systems designed to optimize data warehouse performance use a “shared nothing,” disk-centric parallelization scheme. The query passes to a parsing engine or symmetric multiprocessing (SMP) front end, which optimizes it and breaks it into chunks. The parsing engine hands that work off to a massively parallel processing system. Multiple parallel processing units then retrieve data from direct- or network-attached disk drives, but each accesses its own dedicated data set. The answer sets are joined, and the result is presented to the requestor. In a Teradata system, the architecture includes SMP servers with proprietary interconnect hardware and EMC Fibre Channel SANs. Some appliance designs use Intel-based servers running Linux and direct-attached storage. Netezza's design uses proprietary hardware that includes gate-array logic to optimize I/O between the processors and disks.

[Figure: Data warehouse acceleration appliances]

Clareos Inc.’s CrossCut software, now available, adds yet another twist. Instead of using database tables, it combines a BI reporting tool with a spreadsheetlike data model that creates a single, flat file of rows and columns. “The next generation of BI tools will have a flat file structure that will be very fast,” predicts Steve Foley, CEO of Herndon, Va.-based Clareos. CrossCut software and recommended hardware to process 146GB of data costs about $65,000. But the product differs from products like Netezza’s in one key respect: CrossCut is a read-only database that doesn’t provide update capability, Foley says. Competitors that use vector-based processing to support a real-time decision-making application include Alterion Inc. and Aleri Inc., says Fellows at The 451 Group.

By contrast, Teradata’s integrated systems connect clusters of high-performance servers using a proprietary high-speed interconnect called Bynet and store data in a Fibre Channel storage-area network. The vendor focuses on allowing large numbers of concurrent queries in a mixed-workload environment and supports “active data warehousing,” where databases are continuously updated, says Stephen Brobst, chief technology officer. He sees the start-ups’ products as best

Nielsen’s Data Mart Factory 


FOR MICHAEL BENILLOUCHE, 
director of technology and IT services at 
ACNielsen’s Paris offices, tuning the data- 
base is the key to a high-performance data 
warehouse. Benillouche's organization has 
produced thousands of data marts as part 
of a project he calls the Data Mart Factory. 
His group takes a 4TB master data ware- 
house that includes regularly updated data 
from retailers and runs it through a system 
that cranks out 3,000 client-specific data 
marts that ACNielsen presents to 1,000 
customers in the retailing and consumer 
product manufacturing industries. Each 
data mart is refreshed weekly. 
ACNielsen uses an Oracle9i data ware- 
house on the back end and uses DMEx- 


Syncsort Inc. in Woodcliff Lake, N.J., to aggregate
data for output into individual data
tage of Oracle-specific optimizations was 
the key to good performance. The project 
required some 100 Oracle programmers for 
18 months. He says he couldn't get those 
Oracle-specific optimizations if he used a 
data warehouse appliance like Netezza's 
that supports only generic interfaces such 
as SQL-92. “If you properly tune the application and code, you're able to gain by a factor of 100. You need a human to understand the algorithm of the code and business logic to rewrite it better, and no system can match that,” he says.



But Benillouche’s customers are inter- 
ested in very specific subsets of data and 
specific aggregations. If you can build the 
queries beforehand, investing in improving 
the program algorithm and low-level data- 
base programming functions and calls 
makes the most sense, he says. But users
running a business intelligence tool to do
ad hoc queries to a data warehouse might
fare better with data warehouse appliances,
Benillouche acknowledges.
If the SQL queries are built
on the fly, and you have no con- 
trol over them, he says, “this is 
where you would benefit from 
a Netezza rather than a standard 
Oracle/Unix combination.” 

- Robert L. Mitchell 







suited for single-function, low-end 
data marts and cautions that “data 
marts end up replicating data.” 

But that’s a trade-off users may be 
willing to make when cost is a factor. 
“With an IBM or Teradata solution, 
your scalability is in large chunks,” 
says the vice president of infrastruc- 
ture at a large financial services com- 
pany that’s beta-testing a Datallegro 
system. The incremental cost for adding capacity to an appliance can be a small fraction of what it costs to upgrade his Sun Microsystems Inc. system. He is cautious about buying from a small vendor, but adds, “If they can deliver the same or better performance at 20% of the cost of an IBM or Teradata solution, then you have to do it.”

Most of these systems take a black- 
box approach to optimization, which 
means DBAs can’t do any tuning. That 
paradigm shift may be the toughest 
sell, says Intelligent Solutions’ Imhoff, 
and it’s definitely a weakness for 
Michael Benillouche, director of tech- 
nology at ACNielsen Corp., who 
prefers to optimize his Oracle data 
marts (see story at left). 

But Premier’s Stewart sees that as an advantage. “My DBA staff has more time for development instead of hand-holding a database. We don’t need to build in cycles to make queries go faster,” he says.

In traditional systems, ad hoc queries that bog down the data warehouse are restricted, says Imhoff. Now IT can spin off a subset of data to more groups for business analytics without supplying DBA resources. “If I can bring in a technology that doesn’t require an army of DBAs, great Scott, what a boost,” she says.

Managing Expectations

Autonomic computing initiatives moving ahead steadily, says IBM’s Alan Ganek

Autonomic computing is alive and well as an effort to increase the self-managing capabilities of systems, according to Alan Ganek, IBM’s vice president of autonomic computing and chief technology officer of the company’s Tivoli Software subsidiary. Ganek recently discussed new directions for autonomics with Computerworld’s Matt Hamblen.


Two or three years into autonomic computing, is it a success? I hear customers say they still don’t understand it. Autonomic computing is a journey. We’ve gone from something where people were skeptical about what the word autonomic meant to having 50 partners working on it. Some choose to use the word autonomic in marketing, and others don’t.


What will happen next in autonomic computing? We need to expand the field of what we're doing already. There are a number of components that could make behavior more coherent, like console and monitoring and problem-determination technology. Second, there is more and more managing of system complexity and the processes people deal with. Over the course of next year, we'll be working very hard to bring customers an approach to managing processes across different silos that they have. You have your management team, your security and network management team, which operates system by system. We want to change that to one that says, “What are the major tasks, availability, end-to-end and configuration management and release management?” and take those tasks and expand that to a clearer approach for customers to manage processes.

Has your definition of autonomic computing changed in the past two years? Some members of the press overreact to the idea of autonomic and liken it to the HAL computer. But we’ve taken a very pragmatic approach to it, and we’re building up capability so that it provides value to customers as we go forward. But generally, this is a genuinely new area of research, and the academic community has latched on. We now have international conferences sponsored by the best and brightest devoted to autonomics.

Autonomic computing is alive and well and delivering real value and making real progress. We’re providing pragmatic instrumentation and common componentry for IT systems.

Autonomic is all about providing increasingly self-managing capacity to IT systems to improve the balance for what people do and what machines do.

Right now, people do error-prone, tedious work, and computers can do a lot of that so people have higher-level tools to allow them to be creative. That’s the balance we’re shooting for.


Disk systems will repair themselves or can be left unrepaired for years. By Lucas Mearian

YOU CAN FLY A TWO-ENGINE PLANE with one engine, but how many passengers would want to be on it?

That’s the idea behind “bulletproof storage,” a concept that IBM has been developing for two years and plans to begin unveiling incrementally over the next one to three years.

“I think the basic idea we’re going after is we really want the storage system to be something the customer just doesn’t worry about,” says Jai Menon, an IBM fellow and chief technology officer of storage systems.

IBM’s technology initiative deals with fault tolerance in every part of a storage system: disk, controller, network cards, power supplies and software. By building more-robust storage systems that can defer replacement of failed parts for up to three years because of redundant components, IBM believes it can also eliminate many human errors that happen when failing components are replaced.

A Matter of Time

According to Stanley Zaffos, an analyst at Gartner Inc. in Stamford, Conn., the bulletproof storage concept still has another five to 10 years before it’s broadly embraced by users. But once it is, storage systems will require less maintenance and, therefore, cost less to maintain.

“We know how to build very reliable code. We use appliances every day that have software built into them that work forever: your automobile, your calculator, the disk drive in your PC, your telephone,” Zaffos says.

But IBM is looking to attack far more complex systems than telephones or calculators.

Under its bulletproof initiative, IBM is addressing disk-sector failures that grow along with disk capacity. While disk capacities double every 12 to 18 months, uncorrectable read/write error rates haven’t improved, nor has the probability of an uncorrectable error occurring on a disk read decreased. There are more sectors on today’s disks and, therefore, a greater chance of an uncorrectable error.

The answer, Menon says, is to create self-healing capabilities for storage management software and more-robust RAID configurations.

IBM says that in about a year it will release storage systems that can support three simultaneous disk-drive failures in a single array by introducing additional parity disks into RAID configurations, offering many times the resiliency of a RAID configuration with two parity disks. Today, standard systems allow for only two disk failures.

But Zaffos argues that 80% of downtime today is caused by user error and software failures, not hardware failures. He says that the failures resulting from software are created by complexity and that there is an almost infinite number of failures that can occur in a complex system.

IBM is addressing those code fail- 
ures with a software project called 
N-Version Programming, where two 
pieces of code in the same application 
save data and then compare the data 
to ensure that there are no errors. 

In N-Version Programming, two 
copies of data are protected using dif- 
ferent means. One copy might be pro- 
tected by standard RAID-5 program- 
ming coded by Programmer A. 

The second copy is protected by a 
different algorithm coded by Program- 
mer B. That way, if the first copy gets 
corrupted due to a particular bug in 
the program written by Programmer 
A, then the second copy can be used. 

“The second copy may have its 
own bugs, but they will manifest in 
different ways at different times, and 
when they do, the first 
copy will be the one 
which is good and which 
we can then use,” Menon 
says. “It’s kind of like 
having a second person 
check the work of a first 
person and keep fixing 
it whenever it finds mis- 
takes.” 

One way IBM plans to 
detect and correct cor- 
rupted data is to create 
more-resilient storage 
software with repairable 
data structures. The 
code checks that certain 
conditions, which are 
described in rules, are 
met. For example, in 
a file system with multi- 
ple files, the sum of the 
space taken by the files 
plus the free space in the system must 
be equal to the total available space. 
The code will check this property 
automatically at various times and use 
a procedure to repair and fix problems 
if the property isn’t met. 

In this case, the software isn’t check- 
ing the code to see that it’s functioning 
properly and isn’t checking data con- 
tents. If certain properties aren’t met, 
the software knows how to fix the data 
structures. 
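
The rule-check-and-repair idea described above, as an added example that is not IBM's code: a toy block-allocation table (the `Volume` class, rule names and sample volumes are all assumptions made for illustration) is checked against the article's space-accounting rule plus three related metadata rules, and repaired by rebuilding the free map from file ownership without ever reading file contents.

```python
from dataclasses import dataclass, field


@dataclass
class Volume:
    """Toy allocation metadata: which blocks each file owns, which are free."""
    total_blocks: int
    files: dict = field(default_factory=dict)   # name -> list of block numbers
    free: set = field(default_factory=set)      # block numbers marked free


def check(vol):
    """Return the names of violated rules (empty list means consistent)."""
    used = [b for blocks in vol.files.values() for b in blocks]
    violations = []
    # The article's rule: file space + free space == total space.
    if len(used) + len(vol.free) != vol.total_blocks:
        violations.append("space-accounting")
    # Added rules that make the first one meaningful.
    if len(set(used)) != len(used):
        violations.append("double-allocation")
    if vol.free & set(used):
        violations.append("free-and-used")
    if any(not 0 <= b < vol.total_blocks for b in used + list(vol.free)):
        violations.append("out-of-range")
    return violations


def repair(vol):
    """Fix the metadata so every rule holds; return a log of actions taken.

    Only the data structure is repaired. File contents are never inspected,
    so a block two files claimed may still hold the wrong file's data.
    """
    actions, owner = [], {}
    for name in sorted(vol.files):
        kept = []
        for b in vol.files[name]:
            if not 0 <= b < vol.total_blocks:
                actions.append(f"dropped out-of-range block {b} from {name}")
            elif b in owner:
                actions.append(
                    f"block {b} claimed by {owner[b]} and {name}; kept first claim")
            else:
                owner[b] = name
                kept.append(b)
        vol.files[name] = kept
    rebuilt = set(range(vol.total_blocks)) - set(owner)
    if rebuilt != vol.free:
        actions.append(
            f"free map rebuilt: {len(vol.free)} -> {len(rebuilt)} blocks")
        vol.free = rebuilt
    return actions


def check_and_repair(vol):
    """Run the rules, repair on violation, and re-check."""
    before = check(vol)
    actions = repair(vol) if before else []
    return before, actions, check(vol)


def sample_leaked():
    # Constructed sample: block 9 is neither owned by a file nor marked free.
    return Volume(16, {"a.log": [0, 1, 2, 3], "b.db": [4, 5, 6]},
                  set(range(7, 16)) - {9})


def sample_double():
    # Constructed sample: block 2 is claimed by two files.
    return Volume(16, {"a.log": [0, 1, 2], "b.db": [2, 3]}, set(range(4, 16)))


if __name__ == "__main__":
    for make in (sample_leaked, sample_double):
        before, actions, after = check_and_repair(make())
        print(make.__name__, before, actions, after)
```

The rebuilt metadata should be logged and reviewed, because a repair that silently reassigns blocks can hide the original fault or an unauthorized modification.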

But don’t expect to see fruit from 
N-Version Programming or checkable 
data structures for another two to 
three years, Menon says. 

“At some point, you'll have to accept that the way these things are built, there will be some things that fail,” he says. “You have to be able to isolate that failure to a small part of the system. You have to be able to recover from it very rapidly.”
IP Conversion Takes Off in Vancouver

BY MATT HAMBLEN

The Vancouver International Airport Authority in British Columbia has just completed a four-year project in which a single IP network was built to support voice, data and video airport communications systems that used to run on 30 networks.

One of the biggest challenges was making the IP conversions in an airport that’s closed only three hours a day, says Kevin Molloy, CIO and vice president of simplified passenger travel at the authority. “We couldn’t shut down for a month for a rollout,” he says. The project, estimated to cost about $4 million (U.S.), will reduce annual network costs for 22 airlines and the Vancouver airport itself by 33%, from $7.5 million down to $5 million, he adds.

The most recent additions to the airport’s IP network were 1,100 IP phones, all installed in January, that are used by ticket agents and airport workers, Molloy says. The phones and the IP backbone are all provided by Cisco Systems Inc., with design services from Vancouver-based Telus Communications Inc.

Telus and Cisco worked with the airport to set up a test lab to ensure that the IP phone launch went smoothly, says Judy May, industry solutions manager at Cisco.

The converged network has brought together seven airport networks and 23 networks used by airlines, Molloy says. Some of the functions on the new network serve 1,000 closed-circuit security cameras and 1,500 televisions, as well as 60 self-service check-in kiosks inside the airport and another 20 at hotels and convention spots in Vancouver. The wireless baggage-security reconciliation system and the airport’s public Wi-Fi hot spots are also on the new backbone, he says.

The airport authority and several airlines created the common kiosks by following an international standard used by several kiosk manufacturers, Molloy says. The kiosks, which are shared by all of the airlines, have helped convince the airlines to give up their networks.

The authority was able to save costs by consolidating so many networks, and it could then build in network redundancy and split the network core across two terminals, Molloy says. Every edge switch is redundant, and phones and check-in counters are wired so that a disruption of the network on one side of the airport will knock out only every other check-in counter.

In addition to plans for new IP phone applications, the authority is weighing wireless voice over Wi-Fi, which would be used by airport workers carrying cell phones. Molloy estimates that voice over Wi-Fi could cut $250,000 annually from the $400,000 spent each year on cellular service. “That absolutely interests us,” he says.

The IP network and the common kiosks support a range of new value-added services, Molloy says. For example, automatic border-patrol services are now available on the kiosks, which are fitted with iris-scanning cameras that a passenger can use to bypass long customs lines once an initial background photo and security check have been logged into the system. Already, 4,000 passengers have signed up for the service.

In addition, the authority has sold its kiosk service to smaller, regional airports that can’t afford to build new networks, Molloy says.
HIPAA Compliance In 30 Days or Less

With the deadline looming, our security manager gives an assist to the fellow in charge of meeting the mandates of the security rule. By C.J. Kelly

SECURITY MANAGER'S JOURNAL

HIPAA. We are all sick of the acronym by now, and the April 20 compliance deadline for the Health Insurance Portability and Accountability Act is looming.

At the state agency where I work, the information security officer (ISO), who is responsible for HIPAA security rule compliance, has spent the past seven months or so writing policies and procedures. He divided them into two groups: “required” (stuff we have to do) and “addressable” (stuff we'd better be thinking about doing).

When I came aboard, only one of the policies had been approved by the agency chiefs. Everything is done by consensus here — if one chief doesn’t like a single sentence, the policy is rejected, edited and then resubmitted. I was starting to panic about the approaching deadline. If we can’t get the policies approved, we certainly can’t implement them.

I did what any respectable security professional would do under the circumstances. First, I asked each chief to support the policy-approval process. Next, wanting to find a template that would be widely accepted but not wanting to reinvent the wheel, I went to the Web site of the National Institute of Standards and Technology (NIST) and downloaded every available document related to security and compliance with the HIPAA security rule.

Special Publication 800-66, titled “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule,” was just what our ISO needed: a step-by-step guide to compliance. A table on page 13 of this handy document defines each standard of the rule, identifies its section number and outlines implementation specifications, noting which ones are required and which are addressable. Even better, pages 16 through 54 describe various “key activities” and provide sample questions. This was the perfect project outline to give to a HIPAA newbie.

I went one step further and took the NIST outline and plunked it into Microsoft Project, defined major milestones, allocated resources and hung the Gantt chart on my wall. I also printed all of the related NIST documents and put them in a big binder.

I wanted to show my ISO how to formulate a project plan. I wanted him to understand what he was going to be held accountable for and how short the time frame for implementation was.

When I showed the plan to my boss, I felt the need to apologize for my micromanagement. “I don’t usually go to this length with a direct report, but I need to get through to this guy that this is the quality of work we expect from him. He needs to execute this plan. If he can’t, then he shouldn’t be the ISO.” My boss agreed.


In the Same Boat 


I discovered that many state 
agencies are in the same boat. 
HIPAA requires them to ap- 
point ISOs. But most agencies 
don’t have much security ex- 
pertise, and many agency ad- 
ministrators view the ISO role 
as more of an administrative 
function than a technical one. 
They’re wrong. The HIPAA 
security rule is completely dif- 
ferent in implementation from 
the privacy rule in that it re- 
quires technical resources. 

It’s true that the administra- 
tive safeguards form the bulk 
of the ruling, but even with 
those, you need a technical 
understanding of how things 
work. 

For instance, you can’t con- 
duct a risk assessment without 
understanding the vulnerabili- 
ties of a networked computing 
environment. And you can’t 
develop security incident- 
response procedures without 
understanding what consti- 
tutes a true security breach 
and how to detect one. 

And when it comes to con- 
tingency planning and disaster 
recovery, you need a back- 
ground in things such as con- 
ducting an impact analysis and 
testing a disaster recovery 
plan. 

You can’t just write a policy, put it in a binder, label it “HIPAA Security Rule Compliance” and call it a day. And you can’t assume that the physical safeguards are administrative in nature. For example, in the area of device and media controls, how do you keep someone from carrying off EPHI (that’s electronic protected health information) using one of those little USB flash devices? Do you disable USB ports on all computer systems, or can you disable the use of such devices through Active Directory or third-party software?

When you finally get to the technical safeguards, you have to deal with things like audit controls. Determining what type of audit controls will be deployed and what types of activities will be tracked can be quite a project, depending on the size of the organization. Then you still have to decide where the audit trails will be stored, who can have access to them and how the audit record will be secured from tampering.

Fortunately, my agency has 
several well-qualified techni- 
cal people who, even without 
any direct security experience, 
have done a fine job of setting 
up the infrastructure so that 
the changes that need to be 
made will be relatively 
straightforward. 

And it helps that the major 
systems that handle most of 
our EPHI transactions were 
outsourced two years ago and 
are now in the process of be- 
coming certified as HIPAA- 
compliant. In fact, without 
that card on the table, the 
game would be lost. 

I’m confident that our ISO 
and agency will hit the com- 
pliance date without a hitch. 
But I am grateful to NIST for 
providing the level of docu- 
mentation that it has and very 
thankful indeed that my
agency made a decision to
outsource years before my
arrival date.


WHAT DO YOU THINK? 


This week's journal is written by a real security manager, “C.J. Kelly,” whose name and employer have been disguised for obvious reasons. Contact her at mscjkelly@yahoo.com, or join the discussion in our forum: QuickLink a1590
To find a complete archive of our Security Manager's Journals, go online to computerworld.com/secjournal
Red Hat Patches Critical Hole

Red Hat Inc. is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system. Affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory. XFree86 is an implementation of the X Window

tems such as KDE and Gnome. The most serious flaw is an integer overflow in the libXpm library, used by some applications in opening XPixMap images, Red Hat said. An attacker could use a malicious XPixMap file to execute code on a user’s system.


MCI to Offer DoS, 
Worm Blocking 

MCI Inc. is expected to
launch a security service this 
month that the company says 
will thwart denial-of-service 
and worm attacks. The ser- 
vice, called WAN Defense, 
detects threatening traffic and 
stops it from hitting customer 
networks. MCI is using Arbor 
Networks Inc.’s PeakFlow SP 
network behavior anomaly- 
detection products to deter- 
mine whether a network is 
being attacked. The carrier 
is also using Cisco Systems 
Inc.’s Mitigation to remove 
bad packets from the flow. 


DHS Funds Audit 
Technology 


Network Resonance Inc. an-
nounced that it has received 
funding from the U.S. Depart- 
ment of Homeland Security to 
build a production version of 
its Authoritative SSL Auditor. 
The technology enables orga- 
nizations to produce authori- 
tative records of all secure 
communications over Secure 
Sockets Layer and Transport 
Layer Security. 
Paisley Launches Hosting Service

Paisley Consulting in Cokato, Minn., is offering hosted services for its Risk Navigator, AutoAudit, CARDmap and Focus business accountability software. Under the standard hosting model, customers can purchase perpetual software licenses and then pay Paisley to host the software on its servers. Pricing starts at $5,000 per month for a standard number of users and dedicated memory. The company also offers an ASP pricing model that’s set up on a per-user, per-month basis, with no separate licensing or maintenance fees required. The price per user varies based on quantity, with a minimum charge of $5,000 per month.


Cisco Upgrades 
Support Tools 


Cisco Systems Inc. announced
the Cisco SMB Support Assistant 
service to help small and midsize 
businesses with basic setup, di- 
agnostics and troubleshooting for 
computer networking hardware. 
The service is available through 
Cisco channel partners; pricing 
wasn't disclosed. Cisco also an- 
nounced enhancements to Cisco 
Network Assistant, a free, PC- 
based network management ap- 
plication for small and midsize 
business networks. Version 2.0 
offers expanded support for Cisco 
devices and drag-and-drop fea- 
tures, according to Cisco. 


BeInSync Releases Remote Access App

BeInSync Ltd. has released BeInSync Pro 1.5, the latest version of its secure peer-to-peer

new version lets users share any folder without moving it from its original location and includes a wizard-based interface for making file synchronization and sharing faster and easier, according to the Tel Aviv-based vendor. BeInSync Pro 1.5 sells for $59.95 per year for use on up to three computers.




CURT A. MONASH

‘Platforms’ For the Future

TO HEAR IT VENDORS TALK, everything is either a “platform” or a “solution.” A few extra-special offerings are even presented as being both a platform and a solution. I flinch at both those words and give great grief to vendors who pitch me using one or both of them.


Almost no marketing pitch 
containing the concept of 
“solution” is remotely hon- 
est. Usually, a product that 
might credibly be part of the 
solution to a problem is 
falsely presented as solving 
the whole thing. And those 
are the less-bad usages of the 
word, in which marketers ac- 
tually suggest some kind of 
problem that the so-called 
solution might solve.

The situation with platforms, however, 
is not quite as dire. While traditional 
marketing about platforms is generally 
bogus, the concept of “platform” is still a 
useful one, and it’s worth examining how 
the term is changing in meaning. 

In its classic meaning, platform is most 
commonly used to denote a set of oper- 
ating software — such as an operating 
system or database management system 
— upon which a large portion of IT in- 
vestment rests. In Crossing the Chasm 
and subsequent books, Geoffrey Moore 
popularized the idea that to achieve 
large-scale IT product success, a vendor 
needed to establish a market-dominating 
platform. The route to fabulous wealth 
went something like this: Introduce the 
first, best entry in a specific platform 
product category; garner the most appli- 
cations, partner support and market 
share; enjoy the “tornado” of a virtuous 
circle as everybody supports the winner; 
and ultimately kick back as a “gorilla” 
and enjoy the monopolylike advantages 
of dominant market position. And in- 
deed that pretty much is the story of 





IBM, Microsoft, Oracle, 
Cisco and Intel, not to men- 
tion Sun, Apple, Novell and 
myriad other second-tier 
successes as well. 

However, the heyday of 
that kind of platform is pret- 
ty much over. Moore himself 
helped cause the decline; by 
pointing out what lay be- 
neath the phenomenal suc- 
cess of Microsoft et al., he 

er inspired the IT industry 
never to let such success be easily re- 
peated. And thus there are almost no 
new proprietary platforms these days. 
Or if there are, their vendors aren’t able 
to exploit them. 

Almost everything that resembles an 
important new platform is instead open- 
standard or even open-source. Even 
when a single-vendor standard does 
sweep the industry, such as Sun’s Java or 
Microsoft’s Internet Explorer, it is so 
wrapped in openness that the vendor 
doesn’t actually make much money from 
its accomplishment. 

Several candidates have emerged to 
replace the old integrated platforms. 
Open standards such as service-oriented 
architectures have filled some of the 
gaps. On the product side, vendors stung 
by price competition are splitting tradi- 
tional platform product types into multi- 
ple parts. These typically include a com- 
modity-priced base configuration plus a 
variety of premium-priced “server” op- 
tions or add-ons. Other factors, such as 
the increased role of appliances, support 
a renewed emphasis on servers as well. 


Indeed, the main point of platforms was 
something that now is a bit obsolete — 
support for application development. If 
you developed software on top of the 
platform’s APIs, you were assured of 
good support and a large, addressable 
market. Specialty servers, however, fit 
well with the trend that has systems ad- 
ministration costs rising in importance 
compared with those of programming. 
Proprietary APIs may now be taboo, but 
there’s nothing wrong with having a 
nice, uniquely easy-to-use administrative 
console that gives your server lower 
TCO than your competition’s. 

The true future substitute for platform 
technology, however, may come in a
slightly different area than those men- 
tioned so far. Perhaps the most over- 
looked aspect of IT strategy is the long 
list of different kinds of information IT 
is called upon to manage. At most com- 
panies, a full list is over a dozen cate- 
gories long, and each category needs to 
be managed in a very specific way. 
Almost every enterprise has traditional 
OLTP data, a data warehouse, a set of 
plans and forecasts, e-mail, identity/ 
presence data, a network/IT asset data- 
base, network/security event data, 
source code, published marketing con- 
tent (at least on a Web site), generic doc- 
uments and a catchall category I'll call 
“analytic event capture” that subsumes 
Web site logs, manufacturing equipment 
data, RFID data and the like. Also com- 
mon but less universal are engineering 
designs, call center logs and many other 
information types. Every single one of 
these requires a different information 
management system. Those manage- 
ment systems — and, even more, the real 
or virtual databases they manage — are 
the true IT platforms of the present and 


future. @ 53596 
The Power of Analogy
Analogies can be a quick means to a big-picture strategy in the highly ambiguous world of IT. But if you're careless, the big picture they provide may be the wrong picture, says Jan W. Rivkin, an associate professor at Harvard Business School. Page 44

Strategic Security
Tactical fixes don’t cut it anymore. A growing number of security managers say it’s time to approach information security as an operational risk-management issue. Page 48

Career Watch
Who gets hurt by an economic uptick? Also, employees who blog on their own time need guidance from their companies. And the hiring forecast from Robert Half. Page 49





“May you live in
interesting times,”
goes the old curse.
That's right, curse. Stable, 
comforting, even flat-out 
boring eras are the ones to 
live in, apparently. If that’s 
true, corporate IT is enjoying 
a Golden Age. 


Clearly, there have been more exciting 
times in IT. Budgets continue to be 
squeezed. Security, consolidation, regulato- 
ry compliance and other important-but- 
unsexy projects dominate the landscape. 
The “next big thing” is elusive. 

The result: Enthusiasm is hard to muster. 


“It’s probably tougher [today] to clear a major project than it’s ever been,” says Joseph Balcom, director of enterprise solutions at Gtech Holdings Corp., a West Greenwich, R.I.-based transaction-processing company.

“You've got to have a crystal-clear business case if you’re going to get funded,” says Balcom, who recently managed Gtech’s upgrade of its SAP ERP software.

“When you go through a period like this, 
with [IT] spending down and conservative 
management the rule, the corporate culture 
in most organizations prevents anyone from 
introducing brand-new technologies or ap- 
plications,” says Jim Shepherd, an analyst at 
AMR Research Inc. in Boston. 

In the midst of this grind, it’s a challenge 
for CIOs to keep their senior management 
colleagues and business partners excited 
about IT. When the right projects come 
along, can CIOs still persuade their CEOs 
to cut the big checks? 

In the right circumstances, yes. Technolo- 
gy managers who have undertaken costly 
projects in this conservative environment 
insist that where there’s a will, there’s still a 
way. Make no mistake, there are no more 
blank checks in large-scale IT. But even in 
these ho-hum times, it’s possible to build 
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both buzz and commitment. 

When Auto Warehousing Co. recent- 
ly spent $40 million on a new process- 
ing facility, CIO Dale N. Frantz faced 
an uphill battle in convincing the com- 
pany to install a new wireless network 
and spend an extra $500,000 or so (not 
including in-house developers’ time) 
to upgrade the handheld devices used 
by the Tacoma, Wash.-based company. 

“Our CEO is not especially tech- 
savvy,” Frantz says. “The IT depart- 
ment was always seen as a drain of 
funds, and the [dumb] scanners had 
worked for 15 years.” 

To persuade the CEO, Frantz 
doggedly cost-justified the 802.11b 
wireless LAN he wanted [QuickLink 
50970]. “By nature, he’s skeptical of 
both spending and IT, so he always 
wanted more estimates,” Frantz says of 
his boss. After a “reluctant” green light 
for the project, Auto Warehousing’s 
LAN paid off when the company was 
able to reduce the number of employ- 
ees tracking vehicle identification 
numbers from more than 20 to three. 
That benefit was persuasive enough 
even for the CEO, and Frantz’s team is 
now taking another of the company’s 
facilities wireless. 


Death by Committee 

The challenge at Auto Warehousing 
was personality-driven: A key execu- 
tive was an IT skeptic. But according 
to AMR’s Shepherd, today’s ambitious 
IT plans are more likely to face death 
by committee, because many companies
have created demanding technology
steering groups and justification
procedures. 

That’s the case at Regions Financial 
Corp. “We have a technology council 
chaired by our CEO,” says John Dick, 
CIO at the financial services firm in 
Birmingham, Ala. “Everything needs to
go through a rigorous approval that re- 
quires business justification and a 
technical architecture review.” 

Dick’s team is in the process of mod- 
ernizing a proprietary risk manage- 
ment application. In squiring the proj- 
ect through the justification phase, he 
says, the key was helping business ex- 
ecutives grasp the competitive advan- 
tage to be gained. “We have a reputa- 
tion for superior credit management, 
so in discussing that, I knew we’d hit 
the sweet spot,” Dick says. 

Leading in a Lull

On the face of it, motivating ee to be an IT scouee’e an challenge now. That's because the sluggishness of the industry has slowed job movement. “It may be tough to motivate people, but it’s not hard to retain them,” says AMR Research analyst Jim Shepherd.

But motivating IT workers today can be especially difficult because so many of their toys have been taken away. Research consistently shows that one great way to reward IT professionals - especially those who shun the management track for individual contributor roles — is to let them work with the hottest technologies on the most challenging projects. With blue-collar projects dominating IT, a key motivational tool has been removed from the box.

But John Baldoni, principal of Baldoni Consulting LLC and author of several books, including Great Motivation Secrets of Great Leaders (McGraw-Hill, 2004), says it can still be done. “It's up to managers to create conditions for people to succeed,” Baldoni says, and that's true no matter what the environment. He offers the following tips on managing during listless times:

■ Be honest. If the workplace is clearly a bit ho-hum, don't pretend otherwise. You'll only hurt your credibility. Instead, appeal to your staff's professionalism. “Tell people, ‘Right now, our job is to keep the enterprise running through IT. Let's do that job as well as we can,’ ” Baldoni says.

■ Empower and delegate. If ground-breaking projects aren't there to offer stimulation, “grow people in their jobs,” Baldoni says. Offer cross-functional training, and feed management responsibilities to those who want them.

■ Sacrifice and inspire. While delegating is key, its opposite - working in the trenches once in a while - boosts morale. For example, if job cuts leave you short-staffed, you might work a few shifts on the help desk.

- Steve Ulfelder

“It’s probably tougher [today] to clear a major project than it’s ever been.”
JOSEPH BALCOM, director of enterprise solutions, Gtech Holdings Corp.

He closed the sale by tying the proposed expenditure to credit management, which Regions Financial views as its secret weapon. “I reminded [the board], ‘Our company succeeds
manage credit,” Dick says. Thus, in one fell swoop, he both demonstrated that the project was tightly linked to business goals and appealed to a key point of pride. The project was funded, and its first phase is complete.

Clinical Commitment

St. Luke’s Health System Inc. in Kansas City, Mo., encompasses nine hospitals. For over a year, St. Luke’s has had clinical kiosk systems on most hospital floors. Each kiosk included a stripped-down PC running terminal-emulation software from Citrix Systems Inc. On top of the Citrix software sat packaged applications to help nurses and physicians do their jobs. For example, nurses could search for patients’ prescription histories, and doctors could view X-rays remotely.

When the kiosks had been up and running for several months, St. Luke’s CIO John C. Wade and his team began to notice that nurses and, in particular, physicians weren’t using them as much as they had initially. Interviews revealed one major reason: Users faced a time-consuming double sign-on process; they had to log into Citrix and then log into the health care applications. Busy clinicians quickly became annoyed by the queues.

“The double sign-on was a nice IT 
solution, but it wasn’t meeting users’ 
needs,” Wade says. 

St. Luke’s project manager Todd 
Hatton led an effort to develop an ele- 
gant fix: Citrix would run constantly in 
the background so the doctors and 
nurses would need to log on only once. 

Even better, Hatton’s group devel- 
oped split-screen technology so that 
the application used by physicians al- 
ways occupied half the screen, while 
the nurses’ application occupied the 
other. Practically, only one person at a 
time uses a kiosk. But having both wel- 
come screens up at once proved invit- 








ing to the health care workers. 

According to Wade, programming 
costs for the upgrade ran only $120,000 
to $135,000. But for the application to 
work properly, St. Luke’s had to replace 
about 1,000 monitors, most of which 
were far from obsolete, with expensive 
flat-panel displays. 

“That cost us,” Wade says, declining 
to name a dollar figure. “I had mem- 
bers of the management committee 
say, ‘We’re spending enough on IT, and 
by the way, I'd like to see more of it 
spent in my area.” And that commit- 
tee controlled the purse strings. 

Wade’s response to the objections 
was to count on the committee’s com- 
mitment to clinical excellence. He 
pointed out that the existing kiosks 
were going unused and that meant pa- 
tients weren't getting the best possible 
care. The committee was persuaded, 
funding for the project was approved, 
and the improved system has been in 
production since March, with use and 
satisfaction up dramatically. 


Educational Mission 

At Creighton University in Omaha, the radiology department of the health sciences wing wanted to find a way for doctors affiliated with Creighton to read X-rays at home. “We're trying to teach residents to read X-rays,” says Brian A. Young, vice president of IT. That involves obtaining second and third opinions from established physicians. And getting those opinions is much easier if the doctors can assist the residents from their homes.

To do that, Creighton needed to secure sufficient bandwidth to transmit the large files and to extend virtual private network capabilities to physicians’ homes to keep the data secure.

In selling the project to university officials, Young, like Wade at St. Luke’s, focused on the altruistic benefits of the program. “You have to engage the heart and mind,” he says. Young stressed Creighton’s educational mission and the fact that the university was in a position to offer better remote health care to needy people in rural parts of Nebraska.

Whether your organization’s goal is 
increased profits, a competitive edge, 
improved health care or better educa- 
tion, demonstrating how your IT proj- 
ect will help reach that goal is the key 
to revving up interest among your 
business colleagues and loosening up 
the purse strings. @ 53300 
Ulfelder is a Computerworld contributing writer. Contact him at sulfelder@charter.net.
Analogies are to strategy as blueprints are to buildings. Just be sure you've got the right blueprint.


Low-end chips are to 
Intel Corp.'s future as 
concrete reinforcing bars 
were to U.S. Steel’s. Un- 
less you know the history 
of the steel industry, that 
analogy will leave you 
cold. But it compelled 
former Intel CEO Andy 
Grove to change his 
product strategy. 

In this month’s Harvard Business 
Review, Jan W. Rivkin and Giovanni 
Gavetti explain how managers often use 
analogical reasoning to make strategic 
decisions. Rivkin, an associate professor 
in the strategy unit of Harvard Business 
School, told Computerworld’s Kathleen 
Melymuka that to harness the power of 
analogy, managers must also under- 
stand the pitfalls. 


So, analogies are powerful, but they can lead 
you astray? An IT example got me onto 
my soapbox on this. Everyone knows 
the Dell story. Compaq, IBM, HP and 
Gateway have all tried to match what 
Dell has done, but no one has been 
able to. Once, after I'd taught the Dell 
case, a student came into my office and 
said, “I’ve thought over the Dell story, 
and I’ve decided I want to become the 
Michael Dell of the pizza delivery busi- 
ness.” I said, “That sounds exciting, but 
if you mean you want to make pizza to 
order, we kind of already have that.” 


What are the core elements of analogical reasoning? You start with a target problem. This is the setting for which you want to create a strategy. Through some process of similarity mapping, you identify a source environment that is similar in its essentials. From that source environment, you grab a candidate solution — the thing that worked well in the source environment. You translate that solution to the target environment. For example, Thomas Stemberg, who founded Staples, was exploring a possible new business that he thought could be the Toys R Us of office supply. In that case, office supply is the target, the toy business is the source, and Toys R Us is the candidate solution.


What does analogical reasoning do for me? There’s enormous efficiency in thinking that way. You get a whole bundle of solutions: what it should look like, shopping carts, checkout counters, style of retailing, logistics. The question remains whether office supply really does resemble the toy business.


Why is analogical reasoning so useful in a field like IT? Analogies are most powerful in settings where there’s not enough clarity to use deductive reasoning nor so much ambiguity that you have to go for trial and error. Many pockets of IT have this middle ground that’s familiar enough to make links to more familiar settings but not clear enough to identify cause and effect. In that middle ground, analogies may be the only options we've got.


Give me an example. Intel for many years resisted entering the low end of the market. Then [Harvard Business School professor] Clayton Christensen introduced them to an example in the steel industry. U.S. Steel had let minimills take over the low end with cheap concrete reinforcing bars called rebars. He pointed out that this was the beginning of the troubles for the U.S. steel business. Once the minimills got a beachhead at the low end, they moved up. At Intel, this really struck a chord. Andy Grove feared if they ceded the low end of the market, the high end might follow. He even began to refer to low-end PCs as “digital rebar,” and soon thereafter Intel introduced the Celeron processor to fight it out on the low end and prevent other companies from getting a beachhead.

In this case, the analogy wasn’t 
about learning from someone’s success 
but trying to prevent a repeat of some- 
one’s failure. It was about what they 
thought U.S. Steel should have done. 


Tell me about some of the drawbacks to analogical thinking. The core pitfall is choosing a source based on superficial similarities to the target. When Ford was looking at redesigning its supply chain, it turned for guidance to Dell’s key principle of virtual integration. There is good reason to look at Dell. Some aspects of what it does look like what Ford does. They both take fairly standardized components and assemble them into a vast variety of models.

But other things are quite different. A large portion of Dell’s cost advantage comes from the fact that virtual integration enables it to buy inputs late. A PC that arrives from Dell has a microprocessor bought later than the microprocessor bought for another supplier. In a setting where the price of microprocessors declines dramatically over a short period, that difference translates into a large cost advantage for Dell. But prices in the auto process are not coming down so rapidly, so the power of virtual integration and less inventory is not nearly as great. The good news is that Ford didn’t fall into that trap.


Another potential problem is the anchoring effect. Can you explain? People get attached intellectually and emotionally to their analogies, and it’s very hard to shake. If you look at Sun, Scott McNealy often uses analogies drawn from the auto business. He argues that buyers should be interested in the whole package, not the components, because when they buy a car, they care about the whole car, not where the carburetor comes from. But you have to question how dispassionately he can assess that analogy. His father worked for years in the auto business, and his sons are named for auto models: Maverick, Scout, Colt and Dakota.


Tell me about confirmation bias. It appears that human beings tend strongly to seek out data that confirms their beliefs and invest too little in seeking out disconfirming data. We like to be right. If analogies come into our heads, we can always find elements of reality to confirm our belief in them.


With all these pitfalls, how can I make sure
I’m using analogies properly? You proba- 
bly can’t make analogies 100% safe, be- 
cause you're using them in a setting 
where there’s ambiguity and you can’t 
really figure out cause and effect. In 
the most exciting parts of the IT sec- 
tor, this is often exactly the situation. 

Careful reflection can allow you to 
do better, but it requires that you first 
recognize what your analogies are. 
Often, they’re really hidden. Does 
McNealy realize he’s using car analo- 
gies all the time? Probably not. 


OK. I recognize my analogy. Now what? You
test the analogy. First, you have to un- 
derstand the source environment and 
why the candidate solution worked 
there. Then ask yourself: How similar 
is this setting really, and how different 
is it? It means doing two things that 
don’t come naturally: actively search- 
ing for differences, and asking if the 

similarities you do see are superficial.
The final step is to translate the candi- 
date solution into the target environ- 
ment and see if it works well enough. 
And when you deploy it, be ready to 
adapt. @ 53285 





This is the latest in a series of monthly discussions with Harvard Business Review authors on topics of interest to IT managers.
Treat information security as an operational risk management issue, not as a tactical function.

CHRISTOFER HOFF is on a mission. As the director of information security at Western Corporate Federal Credit Union (WesCorp), Hoff has launched an initiative to quantify the benefits of information security spending for business executives at the San Dimas, Calif.-based company.

The constantly evolving technology 
and threat environment and the diffi- 
culty of attaching a specific monetary 
value to information assets make it 
hard to come up with traditional 
return-on-investment numbers, Hoff 
says. So the focus instead is on gather- 
ing corporate metrics that show how 
the company can reduce risk exposure 
and avoid costs — such as those relat- 
ed to virus attacks — by implementing 
the appropriate security measures. 

As part of this effort, Hoff’s team is 
implementing a process methodology 
called OCTAVE from Carnegie Mellon 
University’s Software Engineering In- 
stitute. OCTAVE helps companies iden- 
tify infrastructure vulnerabilities, priori- 
tize information assets and create asset- 
specific threat profiles and mitigation 
plans (see chart). 

It’s all about showing “reduction of 
risk on investment,” Hoff says. “I’m 
not interested in showing that I’ve im- 
proved the bottom line. What I can 
show is how we have managed risk on 
behalf of the company and reduced 
our risk exposure.” 

Hoff is among a growing number of 
security managers who say it’s time to 
approach information security as an 
operational risk management issue 
rather than as a function that’s solely 
focused on implementing tactical fixes 
for every new threat that surfaces. 

The need to comply with regulations 
such as the Sarbanes-Oxley Act, the 








Health Insurance Portability and 
Accountability Act and California’s 
SB 1386 is one of the primary factors 
pushing companies to take a more 
business-oriented look at their infor- 
mation security measures. 

Lending urgency to the situation is a 
wave of legislation that lawmakers are 
considering in response to a series of 
well-publicized data compromises at 
Bank of America Corp., ChoicePoint 
Inc. and LexisNexis Group [Quick- 
Link 53256]. 


A New View 


Evolving threats and a greater expo- 
sure to risk are also pushing the need 
for a more strategic view of security. 
The growing use of wireless and hand- 
held technologies and the tendency to 
connect internal networks with those 
of suppliers, partners and customers 
have dramatically increased security 
risks and the potential consequences 
of a breach. 

“All of a sudden, there are a lot of new stakeholders in information security,” including regulators, shareholders, customers, employees and business partners, says Carolee Birchall, vice president and senior risk officer at BMO Bank of Montreal in Toronto. “All of these groups have different expectations of IT, and they all come to a head around information security,” she says.

The trend calls for a fundamental 
rethinking of security objectives, say 
security managers such as Hoff. 

The goal isn’t to completely elimi- 
nate all risk, because that is unrealistic, 
says Kirk Herath, chief privacy officer
at Nationwide Mutual Insurance Co. in 
Columbus, Ohio. Rather, it’s to under- 
stand the broad nature and scope of 
the threats to your specific situation. 

You should base mitigation mea- 
sures on the probability of loss or dis- 
ruption from those risks. The focus is 
not on point technologies but on high- 
er-level issues such as system availabil- 
ity, recovery and incident response, 
says Herath. 

It’s a risk-mitigation approach that 
starts with a detailed understanding of 
the information assets that you want to 
protect and what exactly you want to 
protect them against, says Vinnie Cot- 
tone, vice president of infrastructure 
services at Eaton Vance Distributors 
Inc., a financial services firm in Boston. 

The company is currently imple- 
menting security changes aimed at ad- 
dressing five specific issues that were 
identified during a corporatewide IT 
and business risk-assessment exercise. 

The issues include a need for stronger 
user authentication and measures for 
securing and enforcing policies on all 
endpoint devices — such as laptops 
and wireless systems — attempting to 
log into the Eaton Vance network. 

“We took a look at every possible 
[information security] threat to Eaton
Vance, and from there we came out 
with a lot of ‘what if’ scenarios and 
then determined what we should do” 
to deal with them, Cottone says. 

But most security managers ac- 
knowledge that the daily tasks of deal- 
ing with unreliable software code and 
chasing the latest viruses, worms and 
spyware leave little time or resources 
to focus on such big-picture strategies.

Changing business requirements and 
the growing complexity of threats can 
also keep security managers tied to tac- 
tical issues, even if they don’t want to 
be. Adding to the challenge is a trou- 
bling disconnect between security 
organizations and business units, 
security managers say. 

Lloyd Hession, chief information 
security officer at Radianz Inc., a New 
York-based provider of communica- 
tions services to the financial services 
industry, says a common view of exec- 
utives is, “We have spent all this mon- 
ey on antivirus tools, Web filters and 
firewalls, and why hasn’t that stopped 
this problem?” 

Security managers say they’re too 
often seen as purveyors of fear, uncer- 
tainty and doubt who have little under- 
standing of business requirements. 

To change that image, they need to 
help business managers understand 
the trade-offs that have to be made to 
accommodate a new security measure. 
And that means no geekspeak, says 
Cottone. “You really can’t talk technical 
or any kind of jargon” when communi- 
cating security strategy to the business 
side, he says. 

The key message, says Hession, is 
that information security is a business 
problem that is “not addressed simply 
by the firewalls and antivirus [tools] 
that are already in place.” @ 53385 
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Electric Power 

Research Insti- 

tute Inc., Palo 
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RUC 
lished in 1973 as an independent 
A return to economic form won't
be good news for all employers in 
Silicon Valley. A nonprofit, EPRI 
has benefited from the flood of 
yemreie- nem Clue UT Lalo 
came affordable after the dot- 
com bust. Computerworld’s 
Thomas Hoffman talked to CIO
Arnold Testa about what's likely 
to happen next. 


Are you facing any particular IT skills 
challenges at EPRI? Not really, because 


we've been able to augment our staff with in- 
dependent contractors, and here in the Silicon 
Valley, there's a wealth of technical talent, 
much of which has been underutilized for the 
past two or three years. When the upturn hits 
in the economy here, that’s going to be a 
problem. 


Why? Those contracting firms will be 
snapped up by top-tier companies, and we'll 
be left with second-tier performers. 


Have you seen any significant changes in contractor rates over the past six months? It's a little bit higher. After the dot-com bust, contractor rates dropped about 50%, and now they've crept back to about half of what was lost. We can still find people at lower rates; you just have to hunt for them a little more.


How many contractors do you use at a given time? Not a lot, from an applications development standpoint. About five there, and about five more in our operations area. We have a total of about 50 people on our IT staff.


In Demand 


According to the U.S. Bureau of Labor Statistics, the occupations requiring at 
least two years of college that will grow the fastest from 2002 to 2012 are 
computer software engineer and computer systems analyst. 


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Be Careful What You Blog 


cuenioate 
blog. When she found inconsistency in- 
stead of evidence of any corporate poli- 
cy about this matter, she filed a sex dis- 
crimination complaint. Then, a little 
more than a month after being told that 
her blog had caused a problem, she 
was fired. 

Others have similar stories about the 
haziness of what's OK to put up on the 
Web. Mark Jen was a newly hired 
Google employee when he learned that 
some of his postings had to be removed. 
His site was down for a while, and when 


it reappeared without the offending ma- 
terial, Jen apologized for having “put 
some stuff up on my blog that’s not sup- 


this.” But a short while later, he learned
otherwise, and he too was dismissed. 


grappling with what's acceptable and 
what isn't.” 

Eventually, companies are going to have to provide clear guidance on work-related blogging. And perhaps that guidance will be more liberal than the cases cited in the Workforce Management article suggest. Also quoted in the article, Eugene Volokh, a professor of law at UCLA, says, “Employers must recognize that unless they accommodate blogging, they risk losing good people.”


© 53362 
~ Jamie Eckle 
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Without global IT operations, 
my company would: 


BASE: 250 RESPONDENTS 


The main obstacles to our 
globalization strategy are: 




BASE: 224 RESPONDENTS 
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What effect is IT globalization 
having on your company’s 
infrastructure relative to viruses, 
spyware and adware? 


Still there, but recent investments in solutions are helping
37%
We are good, no issues
Continues to be a constant issue
What is spyware/adware?


BASE: 196 RESPONDENTS 


Today, what percentage of your IT development and maintenance budget goes offshore?


BASE: 197 RESPONDENTS 
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Cost Accounting 


INFORMATION TECHNOLOGY costs form the
basis for many strategic decisions. Most large 
companies have a reasonable understanding of 
their overall IT costs; they track the cost of peo- 
ple, hardware, software and other items in the an- 
nual budgeting wars. But you need good cost account- 
ing to be able to slice and dice your IT costs the way 
decisions are actually made: by service and activity. 


Accurate cost accounting
is crucial to making good 
business trade-offs. It clari- 
fies whether a function is 
managed efficiently and 
helps you make the right 
choice when facing multiple 
investment alternatives. 

Specifically, cost account- 
ing can help you in these 
seven areas: 

1. Evaluating outsourcing. Few 
organizations want to out- 
source if it will result in 
higher costs. But unless you 
have an accurate under- 
standing of your current 
costs, your outsourcing ef- 
forts may result in a nasty 
surprise. Cost-accounting 
data provides the foundation 
for determining the price at which it’s 
advantageous to outsource a particular 
function. 

2. Spending wisely. One CIO found his 
desktop budget increasing dramatically, 
even though workstation requests were 
equal to the prior year’s. Cost account- 
ing revealed the cause: The total cost of 
ownership (TCO) of a notebook was 
30% higher than that of a desktop — in- 
cluding acquisition, configuration, in- 
stallation and support. Virtually every 
new workstation request had been for a 
notebook (which was perceived as a sta-
tus symbol). Based on this analysis, all
future requests were filled by desktop 
PCs unless notebooks were justified. 

3. Weighing trade-offs. Every organiza- 
tion faces trade-offs as it allocates finite 
funds. Such trade-offs include: 




■ Cost cutting. Everyone is
trying to cut costs. But how 
can you decide to eliminate 
something for financial rea- 
sons if you don’t know ex- 
actly how much it costs? If 
division presidents want to 
lower their IT costs, they 
need accurate TCO values 
for each IT service or appli- 
cation used. These costs 
need to be described in a 
useful and understandable 
way (e.g., cost per invoice, 
not cost per gigabyte) so 
that each division can make 
conscious trade-offs regard- 
ing which IT services to 
limit, cut or continue. 

■ New development. Every
IT organization has a long 

list of projects it would like to undertake 
but can’t fund. Cost accounting provides 
accurate data about the aggregate costs 
of IT resources (such as database admin- 
istrators, servers, architects and licens- 
es) that must be included for accurate 
planning. This allows proposed projects 
to be more accurately evaluated and pri- 
oritized. 

4. Improving forecasting. Multiyear fore- 
casts of IT costs can be built in two 
steps. First, categorize your spending 
into major activities such as develop- 
ment, enhancement, maintenance and 
production. Then compare various com- 
binations of these activities to industry 
norms, such as the ratio of development 
cost to production, or the sum of mainte- 
nance and enhancement divided by pro- 
duction. These ratios will improve your 





ability to forecast your IT budget more 
accurately over multiple years. (See 
“Development Drop-Down Budgeting,” 
QuickLink 49668.) 

5. Assessing the financial impact of project 
cancellations. The impact of stopping a 
project or activity is often dismissed by 
saying something like, “These costs will 
just go away.” If a project is eliminated, 
however, not all of the costs will actually 
disappear. For example, canceling an 
outsourced project will eliminate pay- 
ments to the outsourcer. But the cost of 
shared resources (such as test servers, 
development tools, telecommunications, 
architects and database administrators) 
can’t usually be eliminated. 

6. Evaluating IT efficiency. Today’s IT or- 
ganization has to be efficient. Calculate 
unit costs (e.g., the cost of a help desk 
call or the per-month cost of a laptop) 
and compare them to industry norms. 
Efficient unit costs help you justify IT 
resources. If your costs are more than 
the norm, follow the money to locate the 
inefficiencies and fix the problems. 

7. Enabling chargeback. Some organiza- 
tions use chargeback as a way to limit 
consumption of IT resources, charging 
departments for the IT products and ser- 
vices they consume. Chargeback isn’t ap- 
propriate for every company. But if you 
plan to institute a chargeback system, 
you need a detailed and accurate ac- 
counting of the cost of each IT product 
or service. Without good cost account- 
ing, a chargeback system will allocate 
charges unfairly, creating dissatisfaction 
and political grumbling. 

Cost-accounting data provides the crit- 
ical foundation for important strategic 
decisions. These decisions are too cru- 
cial to base on educated guesses. Your 
information needs to be good enough to 
bet the company, because you’re often 
doing just that. Cost accounting lever- 
ages your financial data to make in- 
formed and effective business decisions. 
Get enough data to be sure. @ 53288 
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For more columns and links to our archives, go to 
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CNN has dubbed him a modern-day James Bond. 
Ira Winkler has heisted nuclear reactor designs, 

taken over banks, and stolen billions of dollars— 
all to help organizations seal security breaches. 


Now, this former National Security Agency
undercover analyst helps you adapt the security
measures of intelligence agencies in order to defend
your systems against such threats as script
kiddies, foreign intelligence operatives, cyber-
terrorists, and worst of all, your trusted insiders.


If Spies Among Us reads like an espionage 
exposé, that’s only because it is. 


Praise for Spies Among Us 


“Ira Winkler stands out because he’s the real
deal: a guy with a resume of companies 
he’s broken into and identities he’s stolen in 
his job as a security and intelligence expert. 
He reveals the top threats to our personal 
and national security, with lots of straight- 
forward advice on how to protect yourself. 

If you’ve got a social security number, 

you need to read this book whether 

you’re a CEO or a grandmother.” 
—SOLEDAD O'BRIEN, CNN 
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Virtualizing NAS? Expand Your Pool. 


Other Virtualization Approaches 
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Not all virtualization solutions are equal. 

Most include limitations and introduce a single mount point,
performance bottleneck, data integrity risk or are limited to a 
Sri storage pool, 


With RainStorage, you get NAS virtualization without 
limitations. RainStorage deploys easily with no management 
headaches, no risks, and includes specific applications that 
identify and resolve issues. The result? You will
dramatically simplify storage management, increase capacity 
utilization, improve performance, better leverage storage 
tiers, and lower TCO. 


But don't take our word for it. The Taneja Group has defined 
the criteria for evaluating virtualization solutions. Receive a 
FREE copy of "Evaluating Network File Management 


( Rainfinity ) 


INFINITY I/O


Contact Infinity I/O, the industry leader in Storage 
Networking training, at 1-800-990-0955 or visit our web 


site at www.infinityio.com 


Earn a Degree in Your Spare Time! 


irectDegree.com 


Find the franchise opportunity that’s 


right for you. 


sFranchise.com 


Discounts 
..@om Freebies and 
Trial Offers. 
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Backups. Snapshots. SRM. Compliance. D/R... 


Are your point products less 
friendly than they look? 


CommVault software lets you deploy individual products or seamlessly 
integrate new ones at a fraction of the time, effort and money required 


by separate point solutions. 
CommVault®
Unified Data Management™ 


Learn more at commvault.com or call us at 732.870.4000. 
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IT Careers: Regulations Lead to New Opportunities 


When regulatory compliance and technology intersect,

the result can be new IT challenges. Such is the case 
with the implementation of new SEC regulations tied to 
Sarbanes-Oxley — the birth of new analytic applications. 


More important, businesses implementing Sarbanes-Oxley 
have added a new capability to their business tool kit. The 
new analytical applications are providing near-real-time 
analysis of how the business is performing, seeping into 
operational areas throughout the enterprise. IDC, a division 
of this magazine's publisher IDG, reports that the new 
applications provide greater internal visibility, decision 
support and processes/controls. 


Subhashini Software Solutions 
Inc.: We are looking for the follow- 
ing position in any of the skills. 
Technical Services Managers 
Data Processing Manager: Direct 
daily operations of department,
analyze workflow, establish priori-
ties. Develop computer informa-
tion resources, provide data secu- 
rity and control, strategic comput- 
ing, and disaster recovery. 
Knowledge in ERP packages 
using SAP, EDI, Workflow, 
Business Connector, NET, 
Business Objects, PeopleSoft. 
PeopleTools programs using ASP, 
DB2, SQL/Oracle, UNIX/NT. Req.
M.S. in Comp. Science or Engg.
& 1 yr of exp, or B.S. in Comp.
Science or Engg. +5 yrs of exp.


Systems Analysts: Research, 
design, develop, test, & recom- 
mend software requirements for E- 
commerce database applications. 
Use Oracle, Java, Perl, XML,
Solaris, Web logic, C++ & current
Web Technologies in Windows,
Unix, and Linux environments. 
Need B.S. in Comp. Science or 
Engg. or related and 2 yrs of exp. 


Programmer Analysts: Design & 
develop Enterprise Resource 
Planning, Customer Relationship 
Management, ASP, Dataware- 
house applications. Use current 
web technologies, web services, 
Stored procedures and SQL. Work 
in Unix Environment and Unix 
Shell Scripting. Need 2 yrs of
exp. 


Send resume to: HR Manager, 
Subhashini Software Solutions, 
Inc. 2215 W. Russell Ave. Sioux 
Falls, SD 57104 or via e-mail at: 
recruiter@subhashinisoftware.net 


Sr. Test Engineer-Austin, TX 
Responsible for planning and 
leading functional test team 
through all stages of product 
testing including execution, fail- 
ure analysis, test matrix and exit 
reporting; assist in overall pro- 
ject planning process including 
authorizing test plans and test 
schedules, identifying resource 
requirements, risks, and mitiga- 
tion factors. Develop and
improve test strategies and test 
environments involving Fibre 
Channel, SCSI and iSCSI router 
products, servers, and Storage 
Area Networks subsystems.
Requires M.S. in Computer 
Science or equivalent and 2 yrs 
of experience in job offered or 2 
yrs in s/w system testing 
automation, storage networks 
using iSCSI, Fibre-Channel, and 
SCSI protocols. Mail resumes 
to Crossroads Systems, Inc.,
Job Code: STE, 8300 North 
Mopac Expressway, Austin TX 
78759. No fax, email or phone 


Software Test Lead: May be 
assigned to various unanticipat- 
ed locations throughout US for 
short & long term assignments. 
Req's: BS Eng. or BSCS & 3 yrs 
exp. in job offered or as s/w Test 
Eng. Exp. to incl. testing of busi- 
ness-critical app's for financial 
institutional customers & use of 
config. mngmnt tools. Proficien-
cy in using test automation &
performance testing tools such 
as Mercury Quick Test, WinRun- 
ner and Loadrunner; Oracle PL/ 
SQL & C++ or Java req'd. 40 
hrs/week; Job & interview site: 
Bridgewater, NJ. Send cover let- 
ter & resume to: Job #CW-0405, 
ReiQ Software, Inc., 250 Route 
28, Suite 208, Bridgewater, NJ 
08807. No calls, pls.


According to Katherine Spencer Lee, executive director of 
Robert Half Technology, business growth and new 
regulatory measures mean more IT jobs at a higher level of 
complexity. Spencer Lee's January report on 2005 salary 
trends says the most in-demand IT professionals will be 
those who can develop applications and technologies that 
collect, store, analyze and provide access to data. Key 
technical skills required in these areas include a strong 
foundation in database management — Oracle8i/9i/10g, 
Microsoft SQL Server, IBM DB2 and database 
administration certificates. She forecasts increased hiring 
in application development for business systems analysts 


Omnisoft, Inc 

We are looking for the following
position in any of the skills. 
Technical Services Managers, 
Data Processing Manager 
Direct daily operations of depart- 
ment, analyze workflow, estab- 
lish priorities. Develop computer 
information resources, provide 
data security and control, strate- 
gic computing, and disaster 
recovery. Knowledge in ERP 
packages using SAP, EDI, 
Workflow, Business Connector, 
NET, Business Objects,
PeopleSoft, PeopleTools pro- 
grams using ASP, DB2, SQL/ 
Oracle, UNIX/NT. Req. M.S. in 
Comp. Science or Engg. & 1 yr
of exp, or B.S. in Comp. Science
or Engg. +5 yrs of exp.


Send resume to: HR Manager, 
Omnisoft, Inc., 2215 W. Russell 
Ave. Sioux Falls, SD 57104 or
via e-mail at 
sreenivas@omnisoftinc.net 


IT Manager for NY Fra- 
grance Co. Plan, direct, or 
coordinate activities in 
such fields as electronic 
data processing, informa- 
tion systems, systems 
analysis, and comp. pro- 
gramming. Design, dvlpm-
nt & testing of bus. s/ware
appli'ns. Apply w/ 2 copies 
of resume to HRD, New 
York Fragrances, Inc., 162 
Port Richmond Ave, 
Staten Island, NY 10302. 
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and application architects with well-developed object- 
oriented language, JAVA, XML and .Net skills. 


Spencer Lee says the impact of new regulations is holistic, 
seeping down into every aspect of technology operations. 
“The issue is how a business uses the new requirements to 
improve, to be more productive, to be more timely and 
accurate. It is causing businesses to look at IT in a new way 
— to generate growth. 


“Firms are hiring again, but only after clearly defining their 
requirements and making sure there is a sustainable need," 
she adds. 


The skill-based careers are accompanied by an uptick in 
project management hiring, according to Spencer Lee. The 
complexity of the job continues to grow, as demand is 
higher for people who can work and communicate well 
with non-technical team members and who can identify 
ways to get the most out of multiple technologies and 
functions. 


“I tell IT professionals that they need to assure that there
is evidence of them being a proactive skill builder,” Spencer 
Lee says. “IT professionals must be fluid because the job 
requirements differ so vastly day-to-day. And it's 
increasingly important how you communicate technology 
since you'll be working with (non-technologists) to execute 
everything.” 


For more information about IT Careers advertising, 
please call: 800.762.2977 


Produced by Carole R. Hedden 


Featured Editorials 


IT Careers offers you information on the most relevant 
career management topics relative to IT recruitment. 


Here’s what’s coming up next: 


April 18: 
Women in IT Careers 


May 2: 
IT Careers in Information Security 


Be sure to take advantage of this great 
opportunity to brand your company or display 
your recruitment message in IT Careers amid 


these specialized editorials 


Contact us: 
800-762-2977 


Visit us at: 
www.itcareers.com 
Powered By: 


@® Career Journal.com 
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ATTENTION: 




Place your 
Labor Certification 
ads here! 

Are you frequently placing 
legal/immigration advertisements?
Let us help you put together a
cost effective program that will
make this time-consuming
task a little easier.


Contact: Danielle Tetreault at: 


800-762-2977
IT Careers


Computer Support Specialist w/ 
MS in Comp Sci/MIS & min 3 yrs 
exp in LAN/WAN admin w/ NT 
4.0 server, WinProxy 6.0 server, 
SQL server & MS Windows 
server platforms. Respon-
sibilities incl: network & desktop 
support, & SQL databases. 
Email resume to Inter Youth Org 


Newark, NJ at 


HumanResources@iyonewark.org. 


recruitment message 
with IT Careers. 


IT Careers Audience Skill 
Survey 2003/2004 


IS/MIS/IT 


Windows 2000 


TCP/IP 


Windows 95/98 


PC/s 


Unix NET/Linux 


Networking/Telecom 


Windows NT 
Windows XP 


Internet/Web Dev./E-Com. 




Your direct line 


of communication 
to qualified IT 
Professionals 


with the most in 
demand IT skills 


IT Careers


Contact us: 800-762-2977 




Mgmt Consultant, Richard- 
son, TX. Conduct organiza- 
tional studies & analyze 
functional specs of bus 
case docs, prepare master 
design docs & procedures 
modify & build User Inter- 
face for proj specific req, 
build custom components & 
assist mgmt with training sys 
users & resolving comp s/w 
h/w problems. Req: BSCS+ 
1 yr exp. Resumes to: M 
Williams, Viewlocity, Inc.,
3475 Piedmont Rd, Ste 
1640, Atlanta, GA 30305 


COMPUTER ENGINEER. Ana- 
lyze software and hardware 
establish connection to the inter- 
net; support of internal network: 
design and support of web page 
design local area network, man- 
aged migration between net- 
ware and windows NT, oversee 
installation of hardware and soft- 
ware; review results of computer 
runs; manage real estate listing 
on public and trade sites. Req 
Bachelor's Degree or Foreign 
Equivalent in Education and 
work experience. Please for- 
ward resume to: Ginette Orozco 
PA 104 Crandon Blvd., Ste
#315, Key Biscayne, FL 33149. 


Gallop Technologies seeks 
software engg/DBA/System 
Analysts working in Dallas or 
various sites. Require MS or 
BS with related experience.
Skills of Mercury, WinRunner,
OLAP, data warehousing 
strong plus. Sponsor H-1b and 
green card. Send resumes to 
info@dwspecialsts.com. EOE 


IT specialists, business analyst 
wanted by ARWANO, Inc. for 
positions using Oracle, SQL 
VB, C/C++, SAP, AS/400 
RPGLE, COBOL/400, CL, 
SQL/400, Query/400, Oracle 
RDBMS. Minimum is MS or BS 
degree with IT experience. Tra- 
vel maybe required. Apply at 
waseem@arwano.com. EOE 


COMPUTER GAME JOBS: 
Activision, an interactive 
entertainment software co., 
has openings for Line Pro- 
ducer, Software Engineer, 
and Game Programmer in 
Madison, WI. Send resume
to Staffing Coordinator,
3100 Ocean Park Blvd.,
Santa Monica, CA 90405 


Software Eng Mgr: Manage 
design & development of 
course products, supervise 
pre-release testing; design & 
integration of product fea- 
tures & technical tools; devel- 
op & simulate new algorithms 
based on knowledge space 
theory; supervise software 
engineers. 2 yrs exp or 5 yrs 
as a software eng. MS in soft- 
ware engineering/computer 
science. F/T. Send resume 
Aleks Corp, 400 N. Tustin 
Ave, Ste 300, Santa Ana, CA 
92705 Attn: L. Dodson 


ValueMomentum Inc. a software 
development and consulting
company is looking for Software 
Engineers having Masters De- 
gree or equivalent with a mini- 
mum of two years of experience 
in information technology area 
Applicants will be responsible for 
Requirement Collection, Re- 
quirement Analysis, Technical 
Architecture/Technical Design 
Development, Review, Coding 
and Testing to automate pro- 
cessing and to improve existing 
computer systems. Develop 
application architecture and/or 
requirements for designing us- 
ing Rational Rose, ERWin and 
other tools. Install, configure and
tune application servers and 
web servers like Websphere and 
Weblogic. Configure and code 
using Business Rules Engine 
like Blaze, and ILOG. Perform
database design for different 
databases in web and main- 
frame applications like Oracle,
DB2, IDMS, Sybase, Access 
and/or IMS. Undertake J2EE,
other web development method- 
ologies, and mainframe legacy 
environment. Perform code re- 
view using tools like JUnit, and 
JTest. Design automation testing 
and performance testing envi- 
ronment-using tools like Mercury 
Winrunner and Load runner. 
Work on multiple operating sys- 
tems like Unix and Windows 
NT/2000. Good understanding 
of Financial Services Mortgage,
Credit, and/or Insurance do-
main or in combination thereof.
Will provide a competitive salary 
and benefits. Send Resume to 
Value Momentum, Inc., 3001 
Hadley Road, Unit 8, South 
Plainfield, NJ 07080 or email to 
sri@vmomentum.com. 


SENIOR SYSTEMS ADMINIS-
TRATOR. Responsible for ad-
ministration, support and main-
tenance of corporate Windows 
and Unix server infrastructures,
Microsoft and Linux based user
workstations and the IS man- 
aged segments of the local and 
wide area networks. Respon- 
sible for systems management 
capacity planning, utilization 
scoping, and systems planning 
and implementation for both 
infrastructure and software sys- 
tems components. Develop sys- 
tems specification based on 
user and business needs, make 
recommendations for system 
solutions, participate in and in 
some cases manage the imple- 
mentation and administrative 
support of hardware and soft- 
ware systems. Work with user 
community at all levels to deploy 
and support systems to meet 
business requirements. Requir- 
ements: Bachelor's degree (or 
foreign equivalent) in
Computer Science, Information 
Science, or a closely related 
field, with five years of experi- 
ence in the job offered or as 
Manager/Team Lead in IT. Prior 
experience must include 5 years 
of SOLARIS and VERITAS.
Send resume to: HR Manager,
ZANTAZ, Inc. 5671 Gibraltar
Drive, Pleasanton, CA 94588 
(No Phone Calls Please) 


NETWORK SYSTEMS 
ANALYST 


NetGain Technologies seeks a 
Network Systems Analyst in 
Lexington, Kentucky. Design 
install and support LAN/WAN 
network configurations and in- 
ternet systems. Analyze user 
requirements and problems 
Monitor and maintain network 
system performance. Plan lay- 
out of new computer system or
modification of existing system. 
Instruct IT specialists of cus- 
tomers to solve and prevent 
problems. Bachelor's degree in 
Computer Science or related
field is required. Competitive 
compensation with benefits. 
Submit resume with complete 
references to: Judy Palmer, H.R. 
Director, NetGain Technologies 
2031 Georgetown Road, Lexing- 
ton, KY 40511 
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Mae Bacto a 


MultiCare


Located in Tacoma, Washington, MultiCare is recognized as one of 
the 100 best integrated health care systems in America. This posi- 
tion will provide technical support for the PACS (Imaging) system 


& expertise in the areas of systems planning, project management, 
database administration, system administration, system interfacing, 
system/data security, information quality, application software and 
clinical and business administration. BS in Computer Science pre-
ferred, 5+ years experience in enterprise scale Unix administration
(Solaris preferred), and experience w/ Shell and Perl scripting.
Experience w/ PACS (Imaging) a plus. Previous healthcare 
experience preferred. We offer competitive salaries, a comprehensive 
benefit package, and tuition repayment.


E-mail resume to julie.wood@muliticare.org 


Project Manager (Orlando,
FL). Expanding hospitality 
and business management 
company seeks software pro- 
fessional to plan, manage 
and maintain various Internet 
and business system projects 
through project life cycle 
Prior project and resource 
management experience uti- 
lizing web/internet technolo- 
gies helpful Competitive 
salary. Mail resume to Avista 
Management, Inc., 5353
Conroy Road, Suite 200,
Orlando, FL 32811. Attn: Sofia
Barnes 


Software Engineer (Orlando,
FL). Technology company
seeks software professionals
to develop, and manage net- 
works and systems by utiliz- 
ing knowledge of Java 
JavaScript, C, C++, PASCAL 
HTML, CISCO 7204, Real 
Media Technology and DNS 
Server. Extensive Knowledge 
in ColdFusion, SQL Server 
2000, Netscreen Firewalls 
and BIG-IP Loadbalancers
preferred. Competitive salary 
Mail resume to Avista 
Management, Inc., 5353
Conroy Road, Suite 200, 
Orlando, FL 32811. Attn: Sofia 
Barnes 


Software Engineers: Software 
development activities. Min. BS 
CS/EE/CE/Math or foreign deg 
equiv. Background to include: a 
minimum of three of the follow- 
ing skills sets: machine learning, 
image processing, data mining,
algorithm design, distributed 
systems, database design using 
SQL/MySQL; object oriented 
design/programming. Job Sites:
Mt. View, CA, Santa Monica,
CA, Kirkland, WA, NY, NY.
Interested candidates send
resume to: BS1(J), K. Wolfe,
1600 Amphitheatre; Mt. View,
CA 94043 (www.google.com) 


Software Engineers: Software 
development activities. Min. MS 
CS/EE/CE/Math or foreign deg 
equiv. Background to include: a 
minimum of three of the follow-
ing skills sets: machine learning,
image processing, data mining,
algorithm design, distributed 
systems, database design using 
SQL/MySQL; object oriented 
design/programming. Job Sites: 
Mt. View, CA, Santa Monica,
CA, Kirkland, WA, NY, NY.
Interested candidates send
resume to: MS1(J), K. Wolfe,
1600 Amphitheatre; Mt. View,
CA 94043 (www.google.com)


or apply online at www.multicare.org 


ValueMomentum Inc. a software 
development and consulting 
company is looking for Project 
Managers having Masters De- 
gree or equivalent with a mini- 
mum of three years of experi- 
ence in information technology 
area. Manages multiple projects. 
Manage, execute and deliver 
Projects, including analysis of 
user requirements, design, de-
velopment and testing to auto-
mate processing and to improve 
existing computer systems. Ex- 
ecute projects using both Water- 
fall and RUP models in distrib- 
uted environment. Work in multi- 
ple technologies that includes 
Mainframe and Open systems. 
Design and architect new com- 
puter systems and solutions 
using Rational Rose, Erwin, and 
Power Designer. Manage pro- 
jects in COBOL, Natural/Adab- 
as, Java, J2EE, Dot Net, DB2 
Oracle, and Sybase. Oversee 
installation, configuration and 
tuning application servers and 
web servers like IIS, Websphere
and Weblogic. Work on multiple 
operating systems such as Unix 
and Windows NT/2000 environ- 
ment. Good understanding of Fi- 
nancial Services and insurance 
domain. Will provide a competi- 
tive salary and benefits. Send 
Resume to Value Momentum,
Inc., 3001 Hadley Road, Unit 8,
South Plainfield, NJ 07080 or 
email to sri@vmomentum.com. 


Engineer 


Nuntius Systems, Inc. is 
looking for a Senior Soft- 
ware Engineer - Network- 
ing and Connectivity 
Travel required. Please 
mail resumes to Nuntius 
Systems, Inc., Job code 
CWLC, 13700 Alton Park- 
way, Suite #154-266, 
Irvine, CA 92618. No 
phone calls or emails 
please 


Software Engineers: Lead soft-
ware development activities.
Min. PhD CS/EE/CE/Math or 
foreign deg. equiv. Background 
to include: a minimum of three of 
the following skills sets: machine
learning, image processing, data 
mining, algorithm design, distrib- 
uted systems, database design 
using SQL/MySQL; object ori-
ented design/programming. Job
Sites: Mt. View, CA, Santa
Monica, CA, Kirkland, WA, NY,
NY. Interested candidates send
resume to: PHD1(J), K. Wolfe,
1600 Amphitheatre; Mt. View,
CA 94043 (www.google.com) 
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Outsourcing _ 


nology officer at First Horizon
Bank in Memphis. “This is go-
ing to be a problem for us as 
an industry and as a company 
over time, because a lot of in- 
novation comes from them.” 
Ruckh was among a group
of executives speaking on gov-
erning IT outsourcing proc-
esses at the American Bankers 
Association’s Bank Outsourc- 
ing Forum here last week. He 
said First Horizon has turned 
to Fidelity Information Ser- 
vices Inc. to centralize its IT 
systems management. 


Consolidation Benefits 
Ruckh said First Horizon is in
the process of expanding a 2-
year-old outsourcing pact with
Jacksonville, Fla.-based Fidelity
Information Services that has
centralized management of the 
bank’s core IT systems. With 
Fidelity, he said, his company 
has gained better overall IT 
project results for less money 
and more consistent delivery 
on service-level agreements. 
First Horizon consolidated 


Checklist 


Research the following 
before selecting an 
outsourcing vendor: 


■ Financial stability
■ Information security program and policies
■ Application/systems security
■ Vendor relationships
■ Insurance considerations
■ Offshore and cross-border issues
■ Contingency planning and disaster recovery plans
■ Physical security
■ Hiring practices and employment policies





Banks Merging Business, IT Offices 


MEMPHIS 
BANKING CIOs are increasingly 
moving IT employees into offices 
with business personnel, making 
them share the responsibility - 
and rewards - for building and 
implementing IT projects. 

Speaking at the American 
Bankers Association's Bank Out- 
sourcing Forum here last week, 
Tom Meiman, strategic migration 
manager at Wachovia Corp. in 
Charlotte, N.C., said it’s impor- 
tant for technologists and busi- 
ness personnel to work together. 
“You need to be in the room talk- 
ing about engineering, because 
the convergence process really 
does require a new way of think- 
ing about things,” he said. 

The $28 billion bank is in the 
middle of an engineering project 
to converge several electronic 


many of its other vendor out-
sourcing agreements into a
more centralized one with Fi-
delity, according to Ruckh.
The bank’s IT budget is about
$120 million, and “a good por-
tion of that is with Fidelity,”
said Ruckh, who wouldn't dis- 
close the value of the deal. 
Landy Dutton, director of 
operational risk management 
at Regions Financial Corp. in 
Birmingham, Ala., said the 
federal Gramm-Leach-Bliley 
Act, which requires financial 
institutions to ensure cus- 
tomer privacy, prompted her 
company to centralize control 
of outsourcing to reduce risk. 
Through its consolidation 
effort, Regions has reduced 
the number of its service con- 
tracts from 500 to 30 over the 
past several years, Dutton said. 
The financial services firm 
created a single outsourcing 
information database and cen- 
tral vendor management pro-
gram that has outsourcing
managers report to top-level
executives and includes risk
assessments of all outsourcing
vendors.








image and data-transfer net- 
works in conjunction with the 
federal Check Clearing for the 
21st Century Act, or Check 21, 
which allows banks to use check 
images instead of physical items 
for clearing and settlement. 

John Dick, CIO at Regions 
Financial Corp., a $4.6 billion 
bank based in Birmingham, Ala., 
has been training his IT employ- 
ees about the banking business 
to help them better understand 
the other side of the house. Dick 
said he doubled his IT training 
budget between 2003 and 2004 
and is tripling it this year as a re- 
tention tool for his 1,000-plus IT 
employees. 

“IT professionals are highly 
motivated by training,” he said. “| 
think [the business courses] will 
have a longer-term impact in how 


By centralizing manage- 


| ment and contract informa- 
| tion, the company can better 


keep track of its outsourcing 
§ 


| efforts, Dutton said. “When 
| you manage outsourcing in 


the business units, you never 


| know how many contracts you 


have,” she said. 


MEMPHIS 
CORPORATE IT organizations 
are increasingly turning to the 
SAS 70 auditing standard to en- 
sure that outsourcers comply 
with various government IT reg- 


Trust Corp. uses the SAS 70 for- 
mat to evaluate whether large 


we work with the business side.” 
He expects to gradually provide 
IT workers with more business 
responsibility “as we get the ar- 
chitecture and standards more 
formalized and the governance 
established around this model.” 
Dick also took an unusual step 


It’s 
not 
just about 
doing ed- 
ucational stuff, but 
actually making 
[business and IT] 
one team. 


Pee eeesererseseseeseeeseeeee 


JOE GOTTRON, C0. 
HUNTINGTON BANCSHARES INC 


In contrast to those who 
favor larger, more centralized 
outsourcing contracts, Louis 
Rosenthal, an executive vice 
president in charge of IT for 


the North American opera- 


tion of ABN Amro Bank NV, 
prefers multivendor deals 
because they let him use best- 
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by hiring a communications spe- 
Cialist to help his organization 
make the rest of the company 
aware of IT's contributions to the 
business. 

Over the past four months, Joe 
Gottron, ClO at Huntington Banc- 
shares Inc., said he physically 
moved IT and business personnel 
working on CRM and ERP projects 
to a combined office two miles 
from the firm's Columbus, Ohio, 
headquarters. The group had pre- 
viously been separated by two 
floors in the headquarters building. 

Gottron also created a new 
program management office, as- 
signing a single manager for both 
business and IT personnel as- 
signed to an IT project. “You talk 
about taking it to the next level. 
It's not just about doing educa- 
tional stuff, but actually making 
them one team,” he said. “It's 
vastly improved the results.” 

- Lucas Mearian 


| in-class providers of any size. 


Over past 10 months, Rosen- 


| thal has been evaluating ven- 
| dor proposals to run the ma- 
| jority of Amro IT operations 


in 60 countries. Rosenthal ex- 


| pects the effort to save his IT 
| Operations $800 million annu- 


| ally. @ 53666 





8 COMPUTERWORLD April 11, 2005 


THE BACK PAGE

FRANK HAYES • FRANKLY SPEAKING

Keep RFID Simple


THE STATE OF TEXAS is thinking about replacing vehicle inspection stickers with RFID tags [QuickLink 53621]. The state likes the idea because it would enable drive-by enforcement of insurance requirements. Privacy partisans don’t, because it could expose car owners’ personal information to anyone who scans their vehicles with an RFID reader.

Sounds like a tough problem of functionality vs. privacy, doesn’t it? But why? There’s no compelling reason any personal information should be stored on those RFID tags — or on any RFID tags. So why is everyone’s default assumption that it will be?


Here, look: How many different ways could 
Texas implement vehicle inspection RFID tags? 
One way is to use low-powered tags that can 
be read only up close. But that doesn’t require 
RFID. There’s already an identifying tag that 
police routinely use for checking vehicle infor- 
mation. It’s called a license plate. 

Besides, Texas wants to scan cars on the fly. 
That requires high-frequency RFID tags that 
can respond quickly and at a distance. Those 
tags also typically can hold lots of data. So a
vehicle inspection RFID tag could contain as 
much as a megabyte of information about a 
vehicle — or as little as a license plate number. 

Which makes more sense? Cramming lots of 
vehicle data onto an RFID tag means a police 
officer could read it directly with a scanner. 
But what cop could read data on 100 cars per 
minute roaring past? Besides, any embedded in- 
surance information could be outdated the day 
after the tag was stuck on the vehicle. 

And that data would be exposed to anyone 
else with an RFID scanner. The data could be 
encrypted, but that means the scanner would 
have to be attached to a computer to decrypt it. 
Or the RFID equipment could be nonstandard 
— but hackers are pretty good at 
matching any customized gear. 

On the other hand, if an RFID tag 
responds with just a license plate 
number, that can be checked against 
an up-to-date back-end database 
without human intervention. And 
the only information exposed by the 
RFID tag is already displayed on the 
vehicle’s bumper. 
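The comparison the column has just drawn, as an added Python sketch (not from the column or from any Texas system): a data-heavy tag versus a plate-only tag checked against a back-end registry. The tag fields, plates, dates and function names are constructed assumptions.

```python
from datetime import date

# Constructed back-end registry, keyed by the only value the thin tag carries.
REGISTRY = {
    "ABC1234": {"insured_until": date(2005, 3, 31)},   # policy lapsed after tagging
    "XYZ9876": {"insured_until": date(2005, 12, 31)},
}

# Constructed tag payloads. The fat tag was written at inspection time.
FAT_TAG = {"plate": "ABC1234", "owner": "J. Doe", "address": "1 Example St",
           "insured_until": "2005-12-31"}
THIN_TAG = {"plate": "ABC1234"}

ALREADY_PUBLIC = {"plate"}  # displayed on the bumper anyway


def exposed_to_any_reader(tag):
    """Fields a third party with a compatible reader learns beyond the plate."""
    return sorted(set(tag) - ALREADY_PUBLIC)


def insured_per_tag(tag, today):
    """Trust the tag's own copy of the insurance date (stale by design)."""
    return date.fromisoformat(tag["insured_until"]) >= today


def insured_per_backend(tag, registry, today):
    """Use the tag only as a lookup key; unknown plates fail closed."""
    record = registry.get(tag.get("plate"))
    return record is not None and record["insured_until"] >= today


def flag_uninsured(tags, registry, today):
    """Drive-by enforcement: plates to follow up on, with no human reading tags."""
    return [t["plate"] for t in tags if not insured_per_backend(t, registry, today)]


if __name__ == "__main__":
    today = date(2005, 4, 11)
    print("fat tag leaks:", exposed_to_any_reader(FAT_TAG))
    print("thin tag leaks:", exposed_to_any_reader(THIN_TAG))
    print("tag says insured:", insured_per_tag(FAT_TAG, today))
    print("backend says insured:", insured_per_backend(THIN_TAG, REGISTRY, today))
    passing = [THIN_TAG, {"plate": "XYZ9876"}, {"plate": "NOPE000"}]
    print("flagged:", flag_uninsured(passing, REGISTRY, today))
```

The fat tag both leaks three extra fields and gives the wrong answer once the policy lapses; the thin tag leaks nothing new and the registry answer stays current.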

See? It makes no sense to overload those Texas tags. Putting the smarts in the database and keeping the tags simple makes the system more reliable, secure and effective — and minimizes privacy issues, too.

So why does this look like such a hard problem at first glance? Because if an RFID tag has space for lots of data, some people will automatically feel an urge to fill it up.

We need to resist that urge. Not just for vehicle tags in Texas, but for all the other RFID applications we'll be implementing soon.

Some of those RFID jobs will be forced on us, such as Wal-Mart’s supply chain mandate. But others we'll come up with ourselves. We'll try sticking RFID tags on shipping cartons, employee ID badges, forklifts, hard-copy documents, desk chairs, mail carts, computer monitors — anything we need to track or identify or inventory or locate.

What we'd really like is a clear set of RFID best practices. But in the meantime, we'll just have to remind ourselves to keep the tags as simple as possible and keep the data on them to a minimum. If we must include data, it should be encrypted — but less data is better.

We'll probably have to hold the line on that rule with non-IT managers and executives too, especially if they’ve heard RFID sales pitches bragging about how much data a tag can hold.

And to other business-side people, we'll probably have to explain how we’re protecting their sensitive information, especially if they’ve heard about RFID risks and expect the worst.

But we can do that. In fact, we’d better, if we want to deliver the advantages of RFID technology for our users with a maximum of benefit and a minimum of risk.

Because if we don’t, those little RFID tags will bring us some Texas-size problems after all. @ 53638

FRANK HAYES, Computerworld's senior news columnist, has covered IT for more than 20 years. Contact him at frank_hayes@computerworld.com.
Unintended

Nightly software update fails at this data center, and it creates a major mess the next morning. But somehow no one notifies the CIO, who first hears about it in a meeting with users. He's furious and announces that heads will roll - and from now on, he must be the first to know should anything like this happen. “Two weeks later, same thing occurs,” says a pilot fish there. “CIO gets the call at 1 a.m., and the call tree happens in reverse. This caught my eye in the CIO’s report to the director's office: ‘Due to loss of personnel because of cutbacks, I have begun to receive calls in the middle of the night from operations.’ ”
Oops!
Support tech re-
figured on his PC. “He quickly started deleting the printer connections,” reports a pilot fish in the know. “With half the printers deleted, calls started coming in from the users, and the light came on. Before lunch, he had been logged onto the print server. He wasn’t deleting the mapped printers from
print queues directly from the print server!” Fortunately, sysadmins were able to restore all

a virus problem,” fish says. “Since I can no longer access this person’s computer using our global admin password, I go down to the server
user's password. So much for the newer, tightened security.”

Close, but Not Close Enough
User’s laptop won't power up, so she unplugs

don’t need your gun.”


SHOOT SHARKY YOUR STORY. Send me your true tale of IT life at sharky@computerworld.com. You'll score a stylish Shark shirt if I use it. And check out the daily feed, browse the Sharkives and sign up for Shark Tank home delivery at computerworld.com/sharky.
No more unidentified issues.
Zero in on the source of any SAN slowdown. 


Welcome to a network tool so smart, it’s almost unreal. NetWisdom. The intelligent SAN performance 
monitoring solution that keeps you one step ahead of trouble. 


Instantly measure SAN performance against the baseline to verify you're meeting internal service 
objectives. The exclusive ‘visual dashboard’ displays real-time health of the entire fabric. And if your 
SAN stumbles, you can quickly identify and engage the vendor at fault, to drive swift problem resolution. 


Understand. Identify. Resolve. Fast. With the NetWisdom SAN performance monitoring solution. 
Dashboard delivers a visual snapshot of entire SAN fabric performance.

Get more details during a free webinar, “Improving SAN Performance and Uptime with NetWisdom.”


Sign up now at http://finisarevents.webex.com 


See us at Storage Networking World, April 12 - 14, at Booth G19 








